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Data  center  fabrics 
stay  single-vendor 


BYJIM  DUFFY 

STANDARDS  SUPPORT  may  soothe  some  customers 
looking  to  avoid  vendor  lock-in,  but  experts  say  many  users 
will  deploy  single-vendor  data  center  and  cloud  switching 
fabrics  from  their  primary  suppliers. 

Standards  such  as  Transparent  Interconnect  of  Lots  of 
Links  (TRILL),  Shortest  Path  Bridging  and  Multi-Chassis 
Link  Aggregation  will  be  embraced  by  those  vendors  look¬ 
ing  to  dent  Cisco’s  dominance  in  data  center  switching. 

Cisco,  meanwhile,  will  continue  to  expand  and  enhance 
its  FabricPath  approach  to  data  center  fabric  switching  — 
which  the  company  says  is  a  “superset”  of  TRILL  but  is  not 
founded  on  it.  Juniper  will  continue  advocating  a  tagging 
mechanism  in  the  Broadcom  silicon  inside  its  QFabric  line 
to  support  multiple  active  paths  and  one-hop  reachability  in 
data  centers  and  cloud  environments. 

“In  the  data  center,  customers  do  look  for  that  path  with 
the  least  bumps  in  the  road  just  because  of  the  critical  need 
of  the  data  center,”  says  Zeus  Kerravala,  principal  at  ZK 
Research. 

Brocade  says  the  current  implementation  of  its  VCS  fabric 
technology  does  not  include  all  of  the  features  that  are  found 

►  See  Fabric, page  20 


Designingthe  ‘iPad 
WLAN’ poses  new, 
renewed  challenges 

BY JOHN  COX 


COMPLICATIONS  THAT  the  influx  of  Apple  iPads  and 
iPhones  bring  to  enterprise  Wi-Fi  networks  and  wireless 
LAN  administrators  are  illustrated  vividly  at  The  Ottawa 
Hospital  in  Ontario. 

The  hospital  decided  in  2010  to  deploy  3,000  iPad  tablets 
to  doctors,  internists  and  pharmacists  in  support  of  strate¬ 
gic  patient  care  applications.  All  data  was  going  to 

be  streamed  to  the  iPads, 
and  the  Apple  tablets 
only  communicated 
►  See  i  Pad,  page  18 
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TODAY,  ONLY  34%  OF  PEOPLE 
WORK  FROM  A  SINGLE  LOCATION. 


■  Most  Comprehensive  Android™  MDM  Available 

■  MotoAssist™  IT  Call  Center  Staffed  with  Level  4  Exchange  Engineers 

■  On-the-Go  Conferencing  with  Citrix®  GoToMeeting® 

■  MOTODEV  for  Enterprise  App  Development  Support 

MOTOROLA  SUPERIOR  ANDROID  SOLUTIONS  MEAN  BUSINESS. 
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Smarter  technology  for  a  Smarter  Planet: 

How  3.8  million  tailored  messages 
made  sales  numbers  look  fantastic,  too. 

Japanese  fashion  retailer  Start  Today  took  an  IBM  smarter  commerce  approach  to  their  business,  helping  increase 
annual  sales  on  their  Zozotown  Web  site  by  54.2%.  Their  customer-centric  focus  uses  Netezza®  and  Unica®  to  rapidly 
analyze  massive  amounts  of  data,  letting  them  create  personalized  messages  for  each  of  their  3.8  million  customers. 
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FROM  THE  EDITOR  JOHN  DIX 

Push  your  cloud 
supplier  to  participate 
in  CSA  STAR 


Security  is  a  top  concern  for  potential  cloud  users 
so  the  formation  of  the  Cloud 
Security  Alliance  was  welcome 
news  when  the  organization 
emerged  in  2009.  And  while 
many  vendors  have  since  joined 
CSA,  precious  few  service 
providers  have  stepped  up  to  take  part  in  its 
Security,  Trust  and  Assurance  Registry. 

The  CSA  STAR  registry,  rolled  out  last  August,  is  “designed  to  index  the  security 
features  of  cloud  providers  using  a  170-point  questionnaire  that  end  users  are  then 
able  to  peruse”  (see  story,  page  14). 

Of  the  big  guns  that  professed  intentions  to  lay  it  on  the  line,  only  Microsoft  has 
followed  through  to  date.  Kudos  to  them.  Now  it  is  time  for  enterprise  buyers  to 
pressure  other  suppliers  to  follow  suit. 

Survey  after  survey,  after  all,  show  security  issues  are  holding  cloud  back.  The 
latest  example:  Study  results  released  last  month  by  European  managed  service 
provider  Interxion  identified  “a  perceived  lack  of  security”  as  the  top  barrier  to 
cloud  computing  adoption  (see  tinyurl.com/cvzd8xu). 

The  market-leading  cloud  service  providers  are  likely  dragging  their  feet  on 
STAR  in  the  belief  that  coming  clean  would  only  give  smaller  competitors  ammu¬ 
nition  to  use  against  them  (anything  you  say  or  do  can  be  used  against  you). 

That  can’t  work  if  buyers  demand  transparency  through  STAR,  if  they 
demand  the  right  to  see  1)  if  the  cloud  providers  are  doing  enough,  and  2)  how  the 
approaches  of  the  different  suppliers  stack  up. 

Some  suppliers  say  they  don’t  want  to  participate  in  STAR  because  they  don’t 
want  to  reveal  security  details  that  would  make  it  easier  for  bad  guys  to  attack.  But 
that’s  just  a  red  herring.  The  alliance  says  in  a  FAQ  that  information  collected  is 
“intended  to  allow  a  provider  to  document  its  security  practices  without  going  into 
a  level  of  detail  that  would  expose  sensitive  information.  For  example,  a  provider 
will  likely  document  whether  or  not  they  regularly  perform  application  layer 
penetration  testing,  but  would  not  likely  publish  detailed  results  of  web  scanning 
tools”  (see  tinyurl.com/7wmpth6). 

But  STAR  will  only  become  meaningful  if  enough  vendors  partake,  which  will 
require  enterprise  buyers  to  demand  participation  (think  “Show  me  the  Carfax”). 

If  you  don’t  participate,  this  effort  will  collapse,  making  your  job  harder  down  the 
road  when  it  comes  time  to  weigh  potential  suppliers. 

The  good  news:  CSA  Executive  Director  Jim  Reavis  says  more  vendors  are  in 
the  wings  and  may  come  onboard  soon.  Aid  the  cause  by  adding  your  voice  to  the 
chorus  calling  for  this  important  industry  effort. 
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Apple's  soaring  stock 

©  STEVE  JOBS'  CONTRIBUTIONS  were 
certainly  nothing  to  sneeze  at.  But  Apple 
was  not  Steve  Jobs,  and  vice  versa;  Apple 
brings  a  lot  of  other  talent  to  the  table, 
starting  but  not  ending  with  Jonathan  Ive 
and  his  design  team  (Re:  “Apple’s  stock 
has  jumped  50%  since  Steve  Jobs  died”; 
tinyurl.com/7k2qmhc). 

There’s  no  reason  to  assume  Apple  is 
going  to  be  anything  but  a  huge  player 
going  into  the  future,  unless  some 
strange  twist  of  fate  catches  them  off 
guard  and  they  do  something  like  what 
Nokia  did  —  myopically  stare  at  what 
they  had  and  pat  themselves  on  the  back 
assuming  it’s  always  going  to  be  enough, 
and  then  suddenly  go  from  crushing 
market  leader  to  an  also-ran. 

crOft 

Android  developer  offers  insights 

©  AS  AN  ANDROID  developer  for  a  game 
company  (as  well  as  the  CIO)  I  can  hon¬ 
estly  say  that  the  largest  issue  with  the 
Android  OS  is  the  fragmentation.  When  I 
have  to  write  code  that  runs  optimally  on 
3.1, 4.0  and  2.3.5  it’s  ridiculous.  I’d  rather 
write  for  iOS  in  COCOA  than  have  to  deal 
with  the  nuances  of  Java.  One  of  the  main 
points  behind  that 
is  that  you  can’t  deal 
directly  with  the  UI 
on  the  main  thread.  If 
Google  wanted  to  make 
better,  smaller  and 
more  dynamic  apps  it 
would  allow  that  (Re: 

“Developer  interest 
in  Android  slowly 
eroding,  survey  finds”; 
tinyurl.com/6rv2ovh). 

Ronald  Packer  II 

Serious  offer  or  publicity  stunt? 

©  A  STORY  ABOUT  a  $1  offer  for  Cisco’s 
Web  Ex  business  sounds  like  an  early 
April  1  news  story  or  a  brash  and  success¬ 
ful  attempt  by  a  startup  to  promote  itself 
(Re;  “Startup  offers  to  buy  Cisco’s  WebEx 
for  $1”;  tinyurl.com/759y2ku). 

WebEx  Collaboration  Services  have 
been  a  huge  success  for  Cisco  in  terms  of 
revenue  growth  and  furthering  Cisco’s 
reputation  as  an  expert  in  designing  and 
supporting  infrastructure  for  delivering 
network-based  services. 

Mark  Levitt 


Open  standards  belong  in  SDN 

©  SO  IT  SEEMS  that  Cisco  will  develop 
its  own  software-defined  networking 
system  and  tie  it  to  Cisco  ASICs.  I  predict 
that  some  companies  will  blindly  follow 
Cisco’s  vision,  while  the  smarter  ones  will 
recognize  that  it  is  simply  the  continua¬ 
tion  of  a  proprietary  lock-in  strategy  and 
will  go  with  the  open  standard,  freeing 
themselves  from  the  over-priced,  under- 
performing  Cisco  hardware  (Re:  “Cisco 
incubating  software-defined  network 
startup?”  tinyurl.com/6qahebu). 

Eventually,  network  engineers  every¬ 
where  will  begin  wearing  hemp  clothing 
and  singing  songs  of  rebellion  and  free¬ 
dom.  If  open  standards  belong  anywhere, 
it  is  on  the  network.  OpenFlow,  may  you 
emerge,  progress,  free  us  (from  configur¬ 
ing  every  network  device  as  an  indepen¬ 
dent  entity),  live  long  and  prosper!!! 

Kurds  Lawson 

The  cloud  computing  job  outlook 

©  JOB  DEMAND  ALMOST  always 
exceeds  supply  in  new  technology  areas. 
Employers  ask  for  exactly  what  they’d 
prefer;  when  they  find  they  can’t  get  it 
they’ll  consider  people  who  have  the 
right  background  and  some  of  the  right 
skills  (Re:  “Talent 
pool  not  big  enough 
to  meet  skyrocketing 
cloud  computing  job 
demand”;  tinyurl. 
com/6to48gj). 

On-the-job  training 
is  also  a  feature  of 
early  markets. 

amywohl 

©COMPANIES  WHO 
LOOK  at  cloud  as  the 
ticket  to  removing  IT 
are  sadly  mistaken.  Cloud  should  serve 
as  a  gateway  to  evolve  IT  into  more  of  a 
role  of  strategic  tech-empowerment  (Re: 
‘What  the  cloud  really  means  for  your  IT 
job”;  tinyurl.com/7n44var). 

Far  too  many  businesses  fail  to  capital¬ 
ize  on  all  that  today’s  tech  can  mean  to 
their  bottom  line.  An  uptick  in  cloud 
should  help  put  this  in  perspective  —  at 
least  in  proactive  environments  —  by  allo¬ 
cating  IT  toward  strategic/transforma¬ 
tional  roles  rather  then  focusing  entirely 
on  day-to-day  firefighting. 

PeterFretty 


OpenFlow,  may 
you  emerge, 
progress,  free 

us ...  live  long 
and  prosper!!! 
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As  businesses  continue  their  journey  to  the  cloud, 
analysts  and  security  experts  agree  that  risk  management 
practices  must  change.  Trend  Micro  leads  the  way  in 
protecting  businesses  against  today's  sophisticated 
cyber  attacks  by  providing  real-time,  actionable  threat 
intelligence  and  network-wide  visibility  and  control.  With 
our  solutions  you  gain  the  certainty  that  your  data  is  always 
secure  across  all  environments-physical,  virtual  and  cloud. 


trendmicro.com/journey 


Scan  to  download 

IDC  Analyst  Connection:  Server  Security 
for  Today's  Datacenters 
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ISPs  back  cybersecurity 
measures 

A  GROUP  OF  U.S.  ISPs,  including  the  four  largest,  have  com¬ 
mitted  to  taking  new  steps  to  combat  three  major  cybersecurity 
threats,  based  on  recommendations  from  an  FCC  advisory 
committee.  The  ISPs,  including  AT&T,  Comcast,  Time  Warner 
Cable  and  Verizon,  committed  last  to  implement  measures  to 
fight  botnets,  domain  name  fraud  and  Internet  route  hijacking. 

Eight  wired  and  wireless  ISPs,  representing  about  80%  of  the 
broadband  subscribers  in  the  U.S.,  signed  on  to  the  recommen¬ 
dations.  “These  actions  will  have  a  significant  positive  impact  on 
Internet  security,”  FCC  Chairman  Julius  Genachowski  said.  "If 
you  own  a  PC,  you’ll  be  significantly  better  protected  against  your 
computer  [being]  taken  over  by  a  bad  actor,  who  could  destroy 
your  private  files  or  steal  your  personal  information.  If  you  shop  or 
bank  online,  you’ll  be  significantly  better  protected  against  being 
directed  to  an  illegitimate  website  and  having  your  credit  card 
number  stolen.”  tinyurl.com/7h5x8v6 
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the  patent  is  much  broader. 
Google  was  awarded  a  patent 
last  week  for  advertising  based 
on  “environmental  conditions,” 
as  the  search  giant  calls  it  in  the 
patent  documents.  Advertising 
can  be  served  on  the  basis  of  a 
sensor  that  detects  temperature, 
humidity,  sound,  light  or  air 
composition  near  a  device,  and 
ads  are  served  accordingly.  This 
could  mean  that  if  the  Google 
technology  detects  the  sound 
of  the  sea,  advertisements  for 
beach  balls  and  towels  could 
be  served.  The  ad  could  be 
delivered  in  the  form  of 
text  image  or  video, 
sent  to  the  users’ 
device  after 
detecting  the 
environmental 


Google  patents 
ads based  on 
background  noise 

A  NEW  Google  patent  could 
enable  the  search  giant  to  base 
advertising  on  background 
noise  during  phone  conversa¬ 
tions,  although  the  scope  of 
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conditions.  Google  plans  to 
connect  those  conditions  with 
keywords  that  advertisers  can 
buy.  The  patented  technology 
is  meant  for  personal  comput¬ 
ers,  digital  billboards,  digital 
kiosks,  vending  machines 
and  mobile  phones,  tinyurl. 
com/6w6r68l 

Windows  8 
tablet  displays 
can  rival  iPad 

WINDOWS  8 specs  include 
displays  that  are  even  sharper 
than  Apple’s  fabled  Retina 
display,  which  Apple  claims  is  as 
clear  as  the  human  eye  is  capable 
of  seeing.  Microsoft’s  newest 
operating  system  supports  a 
10.1-inch  tablet  screen  with  291 
pixels  per  inch  resolution,  the 
company  says  in  its  Building 
Windows  8  blog.  That  compares 
to  the  new  iPad  with  265  ppi.  But 
because  Microsoft  doesn’t  build 
its  own  hardware,  it  doesn’t 
demand  that  tablet  screens  or 
any  other  screen  meet  a  single 
requirement  as  Apple  can  with 
the  iPad.  As  a  result,  Windows 
8  calls  for  three  standard  scal¬ 
ing  percentages  that  ensure 
applications  written  for  the 
operating  system  are  functional 
and  attractive  no  matter  what 
size  screen  they  are  on,  so  long  as 
they  meet  the  minimum  display 
specs,  according  to  a  blog  post 
written  by  David  Washington,  a 
senior  program  manager  on  the 
Windows  user-experience  team. 
tinyurl.com/6pqgkxd 

Meg  Whitman 
fluffs  HP's  age 

MEG  WHITMAN  has  spent 
her  first  six  months  at 
Hewlett-Packard  talk¬ 
ing  to  customers  and 
employees  and  learning 
how  the  business 


Doing  the 
‘security  card 
bump’ 

Netbuzz  author  Paul 
McNamara  shows  you 
the  two  most  common 
ways  to  enter  a  door  that 
has  physical  security 
cards  —  the  "wallet  swipe 
and  the  “butt  bump.”  At 
least,  that's  what  most 
men  seem  to  do. 
tinyurl.com/7t2csza 


works,  but  apparently  she  didn’t 
get  much  of  a  history  lesson. 

“HP  will  be  70  in  2014,”  she  said 
proudly  at  HP’s  annual  share¬ 
holder  meeting  last  week.  Few 
Silicon  Valley  companies  can 
boast  such  longevity,  she  said, 
and  her  job  now  is  to  set  HP  up 
for  “the  next  70  years.”  It’s  a  line 
Whitman’s  been  using  for  the 
past  few  months.  The  only  trou¬ 
ble  is,  it  appears  to  be  wrong,  as 
an  elderly  shareholder  gently 
pointed  out  to  her.  “I  believe  HP 
was  founded  in  1939,”  he  said 
during  a  question-and-answer 
session.  Wouldn’t  that  make  HP 
75  in  2014?  According  to  the  his¬ 
tory  section  of  HP’s  website,  he’s 
right.  “For  three  or  four  months 
I’ve  been  telling  people  we’re 
going  to  set  HP  up  for  the  next 
70  years  because  we’re  70  years 
old,  and  you’re  the  first  person 
to  correct  me  on  that  so  thanks 
very  much,”  Whitman  said. 
tinyurl.com/86yytja 

US  accuses  AT&T 
of  profiting 
from  scammers 

THE  FEDERAL  government 
last  week  issued  a  complaint 
against  AT&T  that  accuses  the 
telecom  giant  of  bilking  U.S. 
customers  out  of  millions  of 
dollars  by  willfully  failing  to 
address  rampant  abuse  of  a 
system  designed  to  help  the 
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NEC  to  help  sense 
earthquakes 


NEC  SAYS  it  will  add  earthquake 
sensors  to  the  growing  set  of  devices  that 

work  on  its  cloud-based  network  platform.  A  year 
after  the  Japan  earthquake  and  tsunamis,  the 
company  said  it  will  team  up  with  a  Japanese 
firm  called  aLab,  which  has  designed  a  net¬ 
worked  device  about  the  size  of  a  home  router 
that  can  detect  minute  acceleration  in  three 
directions.  NEC  will  manufacture  the  devices  and 
offer  them  as  part  of  its  Connexive  platform,  which 
exchanges  data  with  and  analyzes  information  from 
devices,  appliances  and  automobiles. 


Mixed  messages  on 
app  security 


A  RECENT  study  by  the  Ponemon  Institute  of  more 
than  800  IT  executives  found  a  striking  discon¬ 
nect  between  perceptions  of  security  controls 
between  developers  and  security  professionals. 
Developers  largely  say  applications  run  by  their 
enterprise  are  not  secure,  while  security  profes¬ 
sionals  are  more  optimistic.  Seven  in  10  develop¬ 
ers  say  security  is  not  adequately  addressed  in  their 
applications,  but  only  half  of  security  officers  believe 
that.  Almost  80%  of  developers  said  they  have  no 
process,  or  simply  an  ad  hoc  process,  for  building 
security  controls  into  their  apps.  But  only  64%  of 
security  personnel  said  the  same. 


Burning  questions 
about  the  new  iPad 


CONSUMER  REPORTS  last  week  said  that  the  new 
iPad  can  hit  temperatures  as  high  as  116  degrees 
Fahrenheit  when  performing  tasks  that  tax  the 
device's  processor.  The  publication  said  that  the 
new  iPad  was  significantly  hotter  than  the  iPad  2 
when  tested  under  the  same  conditions.  Still, 
an  editor  said:  “It  felt  very  warm 
but  not  especially  uncom¬ 
fortable  if  held  for  a  brief 
period."  Apple  says  that 
the  new  product  operates 
well  within  its  thermal 


Amazon  tops  cloud  speed  test 

investigating  the  amount  of  time  it  takes  to  transfer 
12  TB  of  data  from  one  cloud  to  another  shows  there  can  be 
up  to  a  25  times  difference  in  transfer  speed  among  provid¬ 
ers.  Nasuni,  which  provides  cloud  storage  using  various 
public  clouds,  tested  how  long  it  took  to  transfer  the  data 
between  Amazon  Web  Services  Simple  Storage  Service 
(S3),  Microsoft  Azure  and  Rackspace.  The  company  used  22 
million  files  of  mixed  sizes,  with  each  file  having  an  average 
size  of 550KB.  Transferring  into  AWS  from  Microsoft  Azure 
was  the  fastest  and  transferring  data  from  AWS  to  Rack- 
space  was  the  slowest.  For  example,  transferring  from  one 
bucket  of  AWS'  S3  servers  to  another  set  of  S3  servers  took 
four  hours.  Transferring  from  S3  to  Azure  took  40  hours 
and  transferring  from  S3  to  Rackspace  took  115  hours,  or 
almost  five  days,  tinyurl.com/748g92s 


hearing  impaired.  The  system, 
called  IP  Relay,  lets  people  place 
calls  by  typing  messages  over 
the  Internet  and  is  funded  by 
telephone  customers,  who  pay 
into  a  fund  that  reimburses 
carriers  $1.30  per  minute. 
However,  the  system  has  been 
so  abused  by  foreign-based 
scammers  that  the  FCC  in  2009 
issued  a  mandate  to  carriers 
that  they  verify  users.  The  U.S. 
Department  of  Justice  alleges 

that  AT&T  has  will¬ 
fully  violated  that 
mandate  because 
the  fraudulent  calls 
“accounted  for  up 
i.  ^  to  95%  of  AT&T’s 
call  volume.” 
AT&T’s  reply:  “As 
the  FCC  is  aware,  it  is  always 
possible  for  an  individual  to 
misuse  IP  Relay  services,  just  as 
someone  can  misuse  the  postal 
system  or  an  e-mail  account, 
but  FCC  rules  require  that  we 
complete  all  calls  by  custom¬ 
ers  who  identify  themselves  as 
disabled.” 

tinyurl.com/89pgtlu 


Study:  US 
broadband 
adoption 
levels  off 

ADOPTION  OF  broadband 
service  in  the  U.S.  has  leveled 
off  since  2009,  and  the  U.S. 
government  and  the  tech  and 
broadband  industries  will  need 
to  work  more  closely  together  to 
drive  up  subscriber  numbers, 
according  to  a  new  study.  The 
U.S.  Federal  Communications 
Commission  found  that  65%  of 
U.S.  residents  had  broadband 
at  home  in  2009,  while  the  U.S. 
National  Telecommunications 
and  Information  Administra¬ 
tion  found  68%  with  broadband 
in  late  2011,  noted  the  study  by 
TechNet,  an  advocacy  group 
made  up  of  technology  CEOs. 
More  coordination  of  broadband 
initiatives  is  needed,  said  report 
author  John  Horrigan,  TechNet’s 
vice  president  of  policy  research 
and  a  longtime  broadband 
researcher. 

tinyurl.com/77w9dx6 
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BUILT  FOR  THE  FUTURE. 


Microsoft  Private  Cloud  Solutions 

In  the  future,  your  datacenter  will  need  to  be  a  profit  center. 

Go  with  a  private  cloud  solution  that  doesn't  charge  per  VM. 
Learn  more  at  Microsoft.com/readynow 


Windows  Server 


Microsoft* 

System  Center 


permutations.  Each  file  system,  and  test  that. 
Which  directory  structure,  and  test  that.  And 
the  result  of  all  of  those  tests  and  benchmarks 
is  a  strong  set  of  opinions  about  the  right  way 
to  do  it  for  an  enterprise  cloud. 

Why  do  we  need  OpenStack? 

We’re  moving  out  of  the  information  age  and 
into  the  data  age.  The  pioneers  in  the  cloud 
infrastructure  space  really  are  the  Googles 
and  the  Facebooks  and  the  Twitters,  only 
because  they  had  no  choice.  It  became  the 
thing  that  made  their  business  viable.  When 
you’re  making  a  fraction  of  a  penny  per  query, 
you  need  every  query  to  happen  as  cheaply 
as  possible.  And  enterprises  are  starting  to 
make  this  transition  into  the  data  age  as  well, 
striving  for  those  kinds  of  efficiencies.  So 
there’s  the  trend  of  doing  what  you  have  been 
doing  but  for  less  money,  but  there’s  also  the 
pressure  to  be  able  to  do  entirely  new  things. 
There  are  things  that  are  possible  with  mas¬ 
sive  amounts  of  compute  or  storage  resources 
that  have  never  been  possible  before.  There  are 
insights  that  can  be  gleaned  from  data  once 
you  have  the  capability  to  store  and  analyze 
that  data.  The  challenges  of  doing  it  without 
cloud  are  enormous.  Actually  there’s  no  way 
to  manage  infrastructure  at  scale  without  hav¬ 
ing  it  ending  up  looking  like  cloud.  OpenStack 
is  the  next  step  in  the  evolution  of  computing. 

Where  do  you  guys  fit  in? 

We  are  The  Enterprise  OpenStack  Company. 
We  are  intensely  focused  on  just  one  thing, 
and  that’s  making  OpenStack  suitable  for 
enterprise.  Rackspace  says  they  are  the  Open- 
Stack  company,  but  at  heart  they  are  actu¬ 
ally  a  hosting  service  provider  and  fanatical 

►  See  Piston, page  16 
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Making  the 
tough  cloud 
decisions 


Ioshua  McKenty,  co¬ 
founder  and  CEO  ofPiston 
Cloud  was  in  on  the  ground 
floor  of  OpenStack’s  creation, 
working  as  he  was  on  the 

Anso  Labs  team  at  NASA  to  build  a  compute  cloud  on  top  of  open 
source  platform  Eucalyptus.  The  team  eventually  gave  up  on  that 
and  wrote  Nova,  which  NASA  uses  today  to  power  its  Nebula  Cloud  environ¬ 
ment,  and  Nova  was  ultimately  contributed  to  the  OpenStack  project,  which 
it  formed  with  Rackspace.  McKenty  left  NASA  after  Anso  was  acquired 
by  Rackspace  in  2010,  and  formed  Piston  Cloud  in  2011  with  co-founders 
Gretchen  Curtis  (also  of  NASA)  and  Christopher  MacGown  of  Rackspace. 
Network  World  Editor  in  Chief  John  Dix  recently  caught  up  with  McKenty  for 
a  deep  dive  on  why  OpenStack  matters  and  where  Piston  Cloud  fits  in. 


Why  form  Piston  Cloud? 

When  OpenStack  launched  and  vendors 
started  joining  in,  most  of  the  development 
focus  was  on  what  service  providers  needed 
to  operate  at  scale,  and  not  what  enterprise 
needed  as  far  as  security,  regulatory  com¬ 
pliance,  ease  of  use  and  performance.  So  we 
kicked  off  Piston  Cloud  with  a  focus  on  mak¬ 
ing  an  OpenStack  distribution  specifically 
geared  toward  enterprise,  and  solving  some 
of  the  really  hard  security  problems.  Our 
first  product  is  Piston  Enterprise  OS,  and  it’s 
essentially  a  very  opinionated  distribution  of 
OpenStack  that  addresses  the  issues  around 
making  it  easy  to  build  a  private  cloud  envi¬ 
ronment  that  meets  regulatory  requirements. 

Opinionated? 

OpenStack  supports  six  different  hypervi¬ 
sors  and  five  network  models  and  three  dif¬ 
ferent  ways  you  can  configure  the  storage 
backend.  So  there  are  a  vast  number  of  config¬ 
urations  of  OpenStack  that  don’t  work  at  all. 
And  there  are  a  number  of  features  that  are 
only  available  given  specific  configurations. 

Consider  live  migration,  a  feature  every¬ 
body  wants.  How  do  I  move  a  running  VM 
from  one  server  to  another?  It  works  really 


well  with  OpenStack  but  only  if  you  are 
using  the  right  hypervisor  on  the  right  shared 
storage  backend  with  the  right  network  con¬ 
figuration  and  a  little  bit  of  sophisticated 
understanding  of  your  underlying  hardware 
configuration.  Look  at  Red  Hat.  Linux  itself 
supports  a  number  of  different  hypervisors. 
Red  Hat  supports  one.  So  the  distribution  is 
the  opinionated  version  of  the  software  that 
is  fit  for  a  specific  use  case. 

We  only  support  one  hypervisor.  We  only 
support  one  network  model.  We  only  support 
one  method  of  storage.  And  we  support  that 
really,  really  well.  So  we  can  guarantee  bench¬ 
marks  on  performance  given  a  certain  set  of 
hardware  because  we’re  only  supporting  a 
configuration  we  know  can  achieve  the  opti¬ 
mal  performance  for  a  given  use  case. 

These  are  the  same  decisions  I  had  to  make 
when  I  was  running  a  cloud  for  NASA  and 
the  White  House.  The  White  House  was  run¬ 
ning  a  Greenplum  database  which  has  enor¬ 
mous  requirements  for  disk  I/O.  So  to  achieve 
those  requirements  I  was  forced  to  make  a 
whole  set  of  decisions  about  how  do  we  con¬ 
figure  the  JBOD,  how  do  we  configure  the 
RAID  controllers  and  what  was  the  striping 
width,  then  we  had  to  test  that  in  hundreds  of 
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According  to  the  highly  respected  NSS  Labs,  “For  high-end  multi-gigabit 
environments  looking  to  upgrade  defenses  from  their  current  firewall  to 
a  next-generation  firewall,  the  advanced  architecture  of  the  SonicWALL 
SuperMassive™  El  0800  running  SonicOS  6.0  provides  an  extremely  high 
level  of  protection  and  performance.  Those  that  consider  the  SonicWALL 
brand  to  be  associated  only  with  SMB  UTM  products  will  need  to  reevaluate 
their  opinion.”  We  couldn’t  agree  more. 

Get  SuperMassive  performance  from  your  Next-Gen  Firewall.- 
Visit  sonicwall.com/nss  to  learn  why  NSS  Lairs  rated  .us  so  highly. 
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TREND  ANALYSIS 


Cloud  security  registry  slow  to  catch  on 


BYBRANDON  BUTLER 

LAST  AUGUST  the  Cloud  Security  Alliance 
(CSA)  announced  at  the  Black  Hat  security 
conference  in  Las  Vegas  a  registry  that  it 
hoped  would  serve  as  a  place  for  prospective 
cloud  users  to  go  to  easily  inspect  and  com¬ 
pare  cloud  vendors’  security  controls.  But  to 
date,  only  three  companies  have  submitted 
their  cloud  security  data,  making  the  registry 
of  limited  use. 

The  Security,  Trust  and  Assurance  Regis¬ 
try  (STAR)  is  designed  to  index  the  security 
features  of  cloud  providers  using  a  170-point 
questionnaire  that  end  users  are  then  able  to 
peruse.  Soon  after  the  CSA  announced  STAR, 
big  names  such  as  Google,  Intel,  McAfee,  Ver¬ 
izon  and  Microsoft  all  agreed  to  take  part.  So 
far  though,  Microsoft  is  the  only  one  of  that 
group  to  have  followed  through. 

Kyle  Hilgendorf,  a  Gartner  analyst  who 
tracks  the  cloud  industry,  is  disappointed 
more  providers  have  not  signed  up  for  the  reg¬ 
istry.  It  has  the  potential  to  provide  valuable 


insight  for  end  users,  but  only  if  there  is  a  criti¬ 
cal  mass  of  companies  in  the  registry,  he  says. 

If  you  only  have  three,  four  or  five  provid¬ 
ers,  that  doesn’t  add  a  whole  lot  of  perspective 
on  the  entire  market,”  Hilgendorf  says. 

CSA  Executive  Director  Jim  Reavis 
remains  bullish  on  the  program  and  says 
by  the  end  of  the  year  he  expects  the  registry 
to  be  more  complete.  Several  providers,  he 
says,  are  in  the  late  stages  of  making  submis¬ 
sions  to  the  registry.  “Everything  starts  from 
scratch,”  he  says. 

One  issue  that  could  be  holding  back  adop¬ 
tion  is  what  information  providers  are  willing 
and  able  to  disclose.  Jon  Heimerl  is  director 
of  security  strategies  at  Solutionary,  a  man¬ 
aged  security  services  provider,  and  one  of 
three  companies  that  has  submitted  to  STAR. 
Mimecast,  a  cloud-based  email  optimization 
and  security  service,  is  the  third. 

When  filling  out  Solutionary’s  submis¬ 
sion  Heimerl  says  there  was  a  fine  line  that 
had  to  be  drawn  between  how  much  mean¬ 
ingful  information  can  be  divulged  without 


creating  a  security  risk. 

“We  made  our  best  effort  to  answer  the 
questions  as  clearly  as  possible  without 
revealing  too  much  of  the  secret  sauce  of 
our  security  protocols,”  he  says.  One  way 
Solutionary  did  that  was  by  giving  general 
answers  to  some  questions  and  encouraging 
interested  customers  to  contact  the  company 
if  they  need  additional  information. 

For  example,  Heimerl  says  when  answer¬ 
ing  a  question  about  encryption  of  informa¬ 
tion,  the  company  answered  that  it  uses  a  256- 
byte  encryption  code  and  device  hardening 
methods.  It  did  not,  however,  divulge  exactly 
what  those  device  hardening  methods  are. 

STAR  organizers  say  the  registry  is  meant 
to  be  a  high-level  overview  of  cloud  security 
practices  from  vendors,  not  to  divulge  infor¬ 
mation  that  could  compromise  a  provider’s 
network  or  consumer’s  data. 

“The  information  we  ask  for  is  not  to  the 
level  of  detail  that  would  create  a  security 
risk,"  Reavis  says.  Still,  he  admits  there  is  a 

►  See  Cloud, page  16 


Cisco  helps  users  welcome  BYOD 


BY  JIM  DUFFY 

CISCO  IS  taking  this  BYOD  thing  seriously.  The 
company  this  week  unveiled  new  and  enhanced 
products  designed  to  specifically  manage  yet  opti¬ 
mize  a  workplace  for  employees  plugging  in  their 
own  personal  devices. 

Cisco  enhanced  its  Identity  Services  Engine 
(ISE)  policy  manager  and  wireless  LAN  software, 
and  rolled  out  two  new  management  applications 
to  help  enterprises  support  BYOD.  It  might  also 
help  them  attain  the  best  and  brightest  —  Cisco 
studies  have  concluded  that  40%-plus  of  college 
students  and  young  employees  would  give  up  a 
chunk  of  their  compensation  just  to  plug  in  their 
iPersonal  Device  at  work. 

The  extensions  in  ISE  1.1MR  are  designed  to 
deliver  unified  policy  management  across  wired, 

WLAN,  cellular  and  VPN  access.  The  software 
allows  users  to  self-provision  devices  with  appropriate  access  and  ser¬ 
vice  policies,  and  mobile  management  capabilities.  IT  defines  ISE  poli¬ 
cies  to  manage  devices  and  control  endpoint  access,  and  remotely  wipe 
lost  or  stolen  devices.  Policies  are  set  and  enforced  based  on  device, 
users’  roles,  applications  and  posture  information,  and  users  can  then 
self-provision  activation  at  a  time  convenient  to  them  —  and  perhaps 
always  inconvenient  to  IT. 

To  help  reassure  IT,  Cisco  said  it  is  working  with  several  mobile 
device  management  (MDM)  vendors,  including  AirWatch,  Good  Tech¬ 
nology,  Mobilelron  and  Zenprise,  to  add  their  software  to  ISE.  And  for 


users,  Cisco  hopes  the  self- provisioning  aspect  will 
keep  them  from  trying  to  break  IT  access  policies 
—  Cisco’s  internal  studies  have  found  that  70% 
of  employees  worldwide  admit  that  they  break 
IT  policies,  with  20%  of  them  citing  the  need  to 
access  unauthorized  programs  and  applications 
to  get  their  job  done. 

For  the  user  experience,  Cisco  rolled  out  Unified 
Wireless  Network  Software  7.2.  This  update  dou¬ 
bles  multicast  video  scalability,  enables  a  single 
Cisco  controller  to  support  3,000  access  points 
and  30,000  devices,  and  adds  IPv6  client  sup¬ 
port.  Cisco  says  7.2  will  also  add  real-time  video  to 
its  WebEx  and  Jabber  collaboration  applications 
on  a  Cisco  network,  and  allow  users  to  tune  in  to 
company  video  events  on  the  device  and  location 
of  their  choice. 

To  manage  all  of  this  freedom,  Cisco  introduced 
Prime  Assurance  Manager  1.1,  which  is  designed  to 
provide  comprehensive  visibility  into  application  performance  across 
wired/wireless  networks  and  end  devices.  IT  can  decipher  and  track 
the  user’s  application  performance,  spot  the  location  of  a  performance 
problem  and  quickly  correct  it,  Cisco  says. 

Another  new  application.  Prime  Infrastructure  1.1,  is  intended  to 
deliver  life  cycle  management  across  the  wired/wireless  infrastructure 
down  to  the  individual  branch. 

The  new  Prime  applications  and  7.2  of  Unified  Wireless  Network 
Software  are  available  now.  ISE  1.1MR  will  be  available  this  summer; 
MDM  integration  by  the  end  of  the  year.  ■ 
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Only  pay  for  what  you  need. 

Change  your  server  specifications  anytime! 

■  Adaptable  with  up  to  6  CPU,  24  GB  of  RAM,  and  800  GB  hard  drive  space 

■  On-the-fly  resource  allocation  -  hourly  billing 

■  Dedicated  resources  with  full  root  access 

■  Linux  or  Windows®  operating  systems  available  with 
Parallels®  Plesk  Panel  10.4 

■  Free  SSL  Certificate  included 

■  2,000  GB  Traffic 
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3  MONTHS 


24/7  Hotline  and  Support 

1&1  servers  are  housed  in  high-tech  data  centers  owned 
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►  Piston ,  from  page  12 

support  company.  Fundamentally,  they  will 
probably  do  the  best  damn  job  of  anyone  sup¬ 
porting  people  running  OpenStack.  And  they 
will  sell  that  support  unilaterally  across  SMBs, 
midmarket  and  large  enterprise.  But  they’re 
not  a  software  company.  And  at  the  end  of  the 
day  they  have  built  a  company  and  a  workforce 
focused  on  selling  services  and  support. 

We  are  very  single-minded  and  only  do 
one  thing:  Make  OpenStack  software  for  the 
enterprise.  But  we  believe  we  do  it  better  than 
anyone  else  because  we  are  extremely  focused 
and  because  we  happen  to  be  experts  in  this 
area.  I  was  the  technical  architect  of  Nebula, 
the  project  at  NASA  that  eventually  became 
OpenStack  compute.  Half  of  our  engineer¬ 
ing  team  also  came  out  of  NASA,  working  on 
some  seriously  complex  security  problems. 

My  co-founder  Gretchen  Curtis  worked 
with  me  at  NASA  and  helped  write  the  Fed¬ 
eral  Cloud  Computing  Strategy  with  Vivek 
Kundra’s  team  at  OMB,  and  my  other  co¬ 
founder,  Christopher  MacGown,  worked 
on  some  of  the  earliest  implementations  of 
OpenStack  storage  at  Rackspace. 

We  continue  to  be  core  contributors  to  the 
open  source  project,  and  I  sit  on  the  project 
policy  board.  We  haven’t  really  done  any¬ 
thing  that  adds  functionality  to  the  cloud 
experience.  All  we’ve  done  is  write  code  that 
makes  OpenStack  really  easy  to  deploy  and 
manage  for  enterprise  users  because  that’s 
what  we  know  best.  And  we  are  extremely 
proud  of  the  high-availability  security  and 
configuration  pieces  that  we’ve  crafted.  These 
components  are  very  opinionated  and  specifi¬ 
cally  focused  on  an  enterprise  private  cloud 


environment;  they’re  not  for  everyone.  For 
example,  they’re  not  really  suitable  for  public 
cloud  service  providers. 

We  are  also,  I  believe,  the  only  OpenStack 
distribution  that  is  only  an  OpenStack  distri¬ 
bution.  Midokura  has  a  distribution  but  they 
are  also  doing  networking  software,  which  is 
their  core  competence.  They  did  a  distribu¬ 
tion  largely  to  jump-start  selling  their  net¬ 
work  software. 

Is  there  a  danger  of  too  many 
distributions  surfacing  and 
segmenting  the  market? 

I  don’t  think  so.  The  major  players  are  all 
announced.  Canonical  has  a  distribution 
that  I  think  will  appeal  to  people  that  buy 
from  Canonical,  and  they  do  a  great  job  on 
the  free  side,  so  that  will  be  popular.  StackOps 
has  a  certain  European  flavor.  They  really  are 
focused  on  a  developer-friendly  download¬ 
able.  You  can  boot  up  a  cloud  in  a  disk  image, 
which  is  cool,  but  it’s  not  how  you  would 
deploy  a  production  environment.  They’re 
really  using  it  as  a  gateway  to  sell  their  pro¬ 
fessional  services. 

I  don’t  think  Red  Hat’s  going  to  come  out 
with  a  distribution.  So  I  don’t  think  there 
will  be  a  lot  of  pure-play  distribution  compa¬ 
nies.  There  will  be  folks  like  Nebula  doing  an 
appliance,  and  there  will  be  others  doing  an 
OpenStack  API  on  top  of  whatever  their  prod¬ 
uct  is,  which  is  interesting  for  some  use  cases, 
but  not  the  same  as  having  a  distribution. 

As  far  as  fragmentation,  even  if  there  are 
100  distributions  like  the  early  days  of  Linux, 
as  long  as  we’re  all  compatible  with  Open- 
Stack,  as  long  as  we’re  all  interoperable,  we 


won’t  end  up  with  a  fragmented  ecosystem. 
And  I  think  that’s  really  the  important  part. 
Linux  did  a  pretty  good  job  of  this.  You  can 
still  take  dev  packages  from  Debian  and  install 
them  on  Ubuntu  and  99%  of  the  time  it  works. 

So  the  strong  standards  in  place  for  Open- 
Stack  will  really  help.  Bear  in  mind  I’m  the 
chair  of  the  Faithful  Implementation  Test 
(FIT)  working  group.  And  the  goal  of  that  is 
to  define  the  test  a  distribution  or  a  product 
has  to  pass  in  order  to  be  called  OpenStack, 
whether  it’s  powered  by  OpenStack  or  built 
on  OpenStack  or  OpenStack  compatible  or 
compatible  with  OpenStack  storage.  You  have 
to  be  not  just  interoperable,  but  you  actually 
have  to  be  almost  100%  the  same  implemen¬ 
tation  code. 

For  a  while  I  thought  Citrix  was  our 
most  viable  competitor.  I  was  really  excited 
because  they’re  a  big  company  and  they  had 
a  big  commitment  to  OpenStack.  They’ve 
sort  of  changed  focus  a  bit  with  the  Cloud, 
com  acquisition,  but  they  still  have  some 
really  smart  folks  focused  on  OpenStack  and 
Project  Olympus.  So  when  they  bring  that  to 
market,  the  best  thing  that  can  happen  is  that 
Project  Olympus  is  an  enormous  success  and 
is  100%  compatible  with  OpenStack,  because 
then  you’ve  got  a  distribution  of  OpenStack 
on  Xen  supported  by  Citrix,  and  the  distri¬ 
bution  of  OpenStack  on  KVM  supported  by 
Piston  Cloud.  H 


Head  online  to  read  more  from  this 
interview,  tinyurl.com/89terg3 


►  Cloud ,  from  page  14  process  providers  must  go  through  to  bal¬ 

ance  what  security  information  they  make 
public.  Reavis  says  any  cloud  provider  has  the  information  STAR  asks 
for  —  the  question  is  how  each  provider  chooses  to  publicize  it. 

Another  reason  some  providers  may  be  holding  back  from  partici¬ 
pating  in  STAR,  Hilgendorf  says,  is  that  they  already  release  much  of 
this  information  in  different  formats.  Amazon  Web  Services,  Google 
and  others  have  sections  of  their  websites  dedicated  to  security  con¬ 
trols.  Some  providers,  Hilgendorf  says,  could  be  weighing  the  value 
of  submitting  information  to  the  CSA’s  registry  if  the  information  is 
already  made  available  elsewhere.  There  are  also  other  security  certi¬ 
fication  standards,  such  as  the  International  Organization  of  Standards 
(ISO)  compliance,  Payment  Card  Industry  (PCI)  compliance  and  the 
Federal  Information  Security  Management  Act  certification  (FISMA). 
If  an  organization  is  already  FISMA  compliant,  Hilgendorf  wonders  if 
it  would  also  feel  a  need  to  register  with  the  CSA. 

Reavis  says  the  questionnaire  is  loosely  based  on  some  of  those  certi¬ 
fications  and  asks  for  some  of  the  same  type  of  information. 

Hilgendorf  says  it’s  useful  information  for  customers.  The  question¬ 
naire,  which  can  be  downloaded  from  the  CSA’s  website,  asks  provid¬ 
ers  to  answer  170  yes  or  no  questions,  and  leaves  space  for  additional 


comments.  Topics  range  from  compliances  and  certifications  the 
providers  have  received,  to  how  customer  data  is  stored  in  the  cloud. 
Other  questions  pertain  to  whether  customers  can  access  providers’ 
audit  information,  and  what  types  of  audits  and  vulnerability  tests  the 
provider  conducts.  There  are  questions  about  how  data  is  segmented 
to  ensure  information  from  multiple  customers  is  not  mixed  together 
and  there  are  questions  about  physical  security  of  the  data  centers,  for 
example.  These  are  important  questions  that  customers  either  ask,  or 
should  be  asking  of  service  providers,  Hilgendorf  says. 

For  providers,  it’s  a  way  for  them  to  prove  they  are  serious  about 
security,  says  Orlando  Scott-Cowley,  product  marketing  manager  at 
Mimecast,  one  of  the  three  companies  that  has  submitted  a  STAR  entry. 

“Anyone  can  claim  they’re  a  cloud  provider,  but  to  actually  make 
your  controls  available  and  open  through  this  registry  was  important 
to  us,”  he  says.  “We’re  not  giving  away  anything  proprietary  about  how 
the  data  is  protected,  but  it  does  show  to  customers  that  we’re  open  to 
talking  about  this.” 

Hilgendorf  expects  perhaps  the  registry  may  turn  into  a  spot  for  small 
and  midsize  providers  to  showcase  their  security  controls  as  a  way  to 
differentiate  themselves  in  the  market.  But,  he  says,  the  registry  will 
gain  true  value  if  some  of  the  CSA’s  other  130  members  participate.  ■ 
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►  iPad,  from  page  1 

over  Wi-Fi.  “Therefore,  the  [wireless]  net¬ 
work  became  quite  important,”  says  CIO  Dale 
Potter.  “We  invested  a  mound  of  money  in  the 
network  [in  summer  2011].” 

The  hospital  picked  Aruba  Networks  to 
design  and  deploy  a  Wi-Fi  network  that  cur¬ 
rently  numbers  nearly  1,600  802.11n  access 
points.  “No  one  could  answer  me  when  I 
asked,  ‘What  will  happen  when  we  scale  to 
3,000  iPads  by  year-end,  and  even¬ 
tually  to  about  the  same  number  of 
other  iOS  devices?’”  Potter  recalls. 

Aruba  CEO  Dominic  Orr  called 
in  the  Aruba  Customer  Engineering 
(ACE)  team,  a  small,  elite  consulting 
group  that  among  other  things  han¬ 
dles  the  toughest,  most  baffling  chal¬ 
lenges  that  the  vendor  encounters  in 
enterprise  deployments. 

Based  on  their  experience  over 
the  past  couple  of  years  with  enter¬ 
prise  WLANs,  ACE  has  identified 
a  range  of  issues  that  these  networks  face 
with  the  surge  in  iOS  and  Android  mobile 
devices,  according  to  Chuck  Lukaszewski, 
senior  director  of  Aruba’s  professional  ser¬ 
vices  group,  and  the  ACE  team.  Currently, 
iPhones  and  iPads  overall  remain  the  most 
popular  brands  of  new  smartphones  and 
tablets  in  the  enterprise. 

“We’re  seeing  extremely  rapid  increases  in 
the  aggregate  number  of  mobile  devices  on 
customer  networks,  across  all  sizes  of  orga¬ 
nizations,”  says  Lukaszewski.  Especially  in 
higher  education,  numbers  are  doubling  or 
tripling  from  year  to  year. 

The  issues  confronting  IT  groups  include 
changes  in  RF  design  and  the  appropriate 
level  of  access  point  density;  poor  device 
roaming;  and  new  and  different  loads  on 
the  WLAN’s  control  path  —  the  demand  for 
authentication  services,  for  IP  addresses, 
license  management,  multicast  and  broad¬ 
cast  traffic  spikes. 

RF  design,  density:  For  years,  an  industry 
rule  of  thumb  was  to  deploy  one  access  point 
for  every  3,600  to  5,000  square  feet  for  data 
networks,  and  for  every  2,500  square  feet  for 
VoIP.  ACE  routinely  now  goes  with  the  higher 
density  for  mobile  device  deployments. 

There  are  two  key  benefits,  Lukaszewski 
says.  One  is  better  Wi-Fi  signal  levels.  Virtu¬ 
ally  all  smartphones  and  tablets  with  802.11n 
radios  support  only  one  data  stream,  and  use 
one  antenna.  As  a  result  they  cannot  make 
use  of  techniques  like  Maximal  Ratio  Com¬ 
bining  (MRC),  which  can  exploit  multiple 
streams  and  antennas  to  boost  the  signal-to- 
noise  ratio  on  the  radio  link. 

Many  mobile  Wi-Fi  radios  are  actually 
quite  powerful  in  terms  of  transmit  power. 
The  iPhone  4S  and  iPad,  and  many  other 


devices,  use  Broadcom’s  BCM4329  chipset, 
which  “easily  rivals  or  exceeds  the  power  of 
many  laptop  chipsets,”  Lukaszewski  says. 
The  “weakness”  lies  in  the  receiver’s  more 
limited  capacity  to  process  inbound  frames 
and  the  inability  to  fall  back  on  MRC  to  com¬ 
pensate  if  the  signal  is  impaired.  “They’re 
more  vulnerable  to  frame  loss  than  a  multi¬ 
antenna  device,”  he  says.  “So  keeping  the  sig¬ 
nal  levels  high  compensates  for  this.” 


As  a  second  benefit,  the  greater  number  of 
access  points  can  handle  the  growing  client 
population.  Enterprise  users  increasingly 
have  two  or  more  mobile  devices  per  person. 
“If  we  have  more  devices  in  the  same  space 
[than  planned],  I  need  additional  APs  to  sup¬ 
port  them,”  Lukaszewski  says.  Aruba  and 
most  other  WLAN  vendors  have  various 
techniques  to  distribute  devices  across  other 
access  points. 

The  real  limiting  factor  is  “how  much  data 
you  can  actually  put  on  a  wireless  channel,” 
Lukaszewski  says.  “If  you  slice  this  ‘pie’  too 
thin,  they  won’t  get  the  throughput  they  need. 
...  Customers  are  used  to  seeing  ‘300Mbps’ 
on  access  point  product  literature.  But  these 
mobile  devices  don’t  run  close  to  that.” 

Mobile  devices  today  typically  will  have 
an  802. lln  radio  that  supports  one  data 
stream  and  has  one  antenna,  and  can  only 
use  the  conventional  20MHz  wide  channel 
(802.11n  gains  a  lot  of  throughput  by  bond¬ 
ing  two  of  these  into  a  “fatter”  40MHz  chan¬ 
nel,  and  using  two  or  more  antennas).  “That 
means  the  highest  data  rate  they  can  achieve 
is  65Mbps,  the  maximum  single-stream  rate 
without  bonding  two  channels  together,” 
Lukaszewski  says.  And  actual  throughput 
will  be  even  less:  in  the  area  of  40Mbps. 

“If  I  can  get  40Mbps  of  throughput  on  the 
access  point,  and  I  want  an  average  of  1Mbps 
per  device,  I  can  only  have  40  devices”  on  one 
access  point,  Lukaszewski  says. 

Channel  challenges:  Just  when  enter¬ 
prises  have  finally  begun  aggressively 
embracing  the  open  5GHz  band,  first  net- 
books,  and  then  smartphones  and  other 
portable  devices  arrived  with  radios  that 
run  only  in  the  2.4GHz  band.  Besides  being 
crowded  with  devices,  the  2.4GHz  band  has 


only  three  non-overlapping  Wi-Fi  channels 
(tablets,  like  the  iPad,  run  also  on  the  5GHz 
band,  which  can  have  up  to  21).  With  lots  of 
access  points  in  a  small  area,  avoiding  chan¬ 
nel  overlap  can  be  tricky. 

“These  devices  are  technologically  tak¬ 
ing  us  back  about  two  years  from  a  spectrum 
management  perspective  while  at  the  same 
time  we’re  adding  many,  many  more  devices 
into  the  environment,”  Lukaszewski  says. 

Aruba  now  routinely  recommends 
that  in  high-use  areas  like  lecture  halls, 
stadiums  and  the  like  that  bonded 
40MHz  channels  simply  be  disabled, 
and  more  access  points  be  packed  in. 

Roaming:  Roaming  between  access 
points  for  mobile  devices  is  still  a  prob¬ 
lem,  though  not  as  bad  as  it  was  just  a 
few  years  ago.  “In  the  past,  early  mobile 
devices  had  very  poor  roaming  algo¬ 
rithms,”  Lukaszewski  says.  Once  con¬ 
nected  to  an  access  point,  many  devices 
simply  clung  to  it,  even  when  the  user 
had  moved  to  another  location  with  a  nearby 
access  point  that  had  a  much  better  signal. 

“Apple  devices  used  to  be  very  challenged 
in  this  regard,  though  they’ve  made  some 
improvements,”  Lukaszewski  says.  “Their 
driver  behavior  is  better  but  it’s  still  nowhere 
near  what  we  see  in,  for  example,  voice-over- 
IP  Wi-Fi  devices.” 

Universities  and  colleges  in  2008  were 
already  seeing  scaling  challenges  with  high- 
density  WLANs,  which  strained  such  back¬ 
end  enterprise  services  as  DHCP  servers  and 
IP  address  allocation.  The  new  generation  of 
mobile  devices  is  creating  new  strains  all  over 
again. 

Impact  on  network  services:  “The  impact 
of  smart  devices  on  AAA  [authentication, 
authorization  and  accounting]  is  massive, 
as  these  devices  don’t  roam  so  much  as  they 
come  online  randomly  as  users  take  them  out 
and  put  them  away  frequently,”  Lukaszewski 
says.  “You  will  need  a  minimum  of  two  times 
the  number  of  AAA  servers  that  you  would 
need  in  a  laptop-only  environment.” 

Another  burden  is  the  use  by  mobile 
devices  of  chatty  discovery  protocols,  espe¬ 
cially  Apple’s  Bonjour  protocol,  based  on 
multicast  DNS  (MDNS).  Bonjour  in  particu¬ 
lar  works  perfectly  fine  in  a  home  Wi-Fi  net¬ 
work,  to  find  and  connect  with  Apple  TV,  or 
an  Apple  AirPrint  printer.  But  these  devices 
are  constantly  broadcasting,  generating 
heavy  loads  across  enterprise  networks,  and 
doing  so  at  lower  data  rates  than  standard 
data  traffic. 

The  result,  says  Lukaszewski,  is  multicast 
traffic  can  swell  and  bog  down  the  WLAN. 
Aruba  this  week  unveiled  software  that 
will  filter  MDNS  traffic,  and  rival  Aerohive 
announced  a  product  earlier  this  month.  ■ 


//  No  one  could 
II  answer  me 
when  I  asked,  'What 
will  happen  when  we 
scale  to  3,000  iPads 
by  year-end?’” 
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►  Fabric ,  from  page  1 

in  the  TRILL  standard.  The  company  says 
its  VDX  data  center  switches  can  operate  in 
VCS  mode  or  in  “classic”  mode,  which  is  more 
adherent  to  IEEE  802.x  standards.  The  data 
plane  in  a  VCS  implementation  uses  TRILL; 
but  the  control  plane  does  not,  it  uses  Fabric 
Shortest  Path  First  (FSPF),  an  ANSI  standard 
used  by  all  Fibre  Channel  SAN  fabrics  as  the 
link-state  routing  protocol. 

Alternative  link-state  routing  protocols 
ban  be  supported  in  VCS  when  they  are  stan¬ 
dardized  and  available,  Brocade  says.  But  the 
link  state  protocol  in  TRILL,  Intermediate 
System-to-Interrpediate  System  (IS-IS),  has 
been  documented  since  July  2011  and  even 
tested  for  interoperability  at  the  University 
of  New  Hampshire  almost  a  year  before  that, 
says  Donald  Eastlake,  chairman  of  the  TRILL 
working  group  in  the  IETF. 

“I  think  this  year  there  will  be  a  number  of 
switches  from  a  number  of  vendors  that  will 
support  the  TRILL  control  plane,”  Eastlake 
says. 

He  wouldn’t  speculate  on  why  vendors  have 
been  delaying  full  compliance  of  TRILL  data 
and  control  planes  in  their  fabric  switches. 

“There’s  nothing  inherently  evil  about 
using  the  TRILL  data  plane  instead  of  the 
control  plane,”  he  says.  “It  won’t  interoper¬ 
ate  with  a  standard  TRILL  control  plane 
but  people  manufacture  things  that  don’t 
interoperate  all  the  time.  Other  people 
make  things  that  try  very  hard  to  be  very 
interoperable.” 

HP  says  it  supports  TRILL  and  its  own 
Intelligent  Resilient  Framework  (IRF)  rnul- 
tichassis  bonding  technology  for  flattening 
the  data  center  network.  HP  just  announced 
its  new  5900  line  of  top-of-rack  switches 
that  support  both. 

Arista  Networks,  Extreme  Networks  and 
Alcatel-Lucent  all  advocate  MC-LAG  as  the 
fabric  architecture  for  their  switches.  MC- 
LAG  is  an  IEEE  standard  that  is  intended  to 
replace  the  Ethernet  Spanning  Tree  Protocol 
to  improve  resiliency  and  uptime,  and  reduce 
latency,  by  creating  active/active  network 
paths  for  load  balancing  and  redundancy. 

Since  the  fabrics  are  based  on  Ethernet, 
they  should  be  as  easy  to  deploy  as  Ethernet, 
according  to  Extreme. 

“Ethernet  is  open,”  says  Doug  Wills,  senior 
director  of  marketing  at  Extreme.  “Why  not 
Ethernet  fabrics?” 

Avaya  supports  the  IEEE’s  Shortest  Path 
Bridging  (SPB)  specification,  an  alternative 
to  TRILL,  for  its  VENA  fabric  architectures. 
Shortest  Path  Bridging  is  founded  on  the 
IEEE  802. lah  Provider  Backbone  Bridging 
MAC-in-MAC  standard,  which  in  the  telecom 
world  is  proposed  as  a  Layer  2  alternative  to 
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MPLS  for  Metro  Ethernet  deployments. 

Hedging  their  bets 

Some  vendors,  though,  hedge  their  bets  by 
supporting  both  SPB  and  TRILL.  Huawei  is 
in  this  camp. 

Juniper  implemented  a  tagging  mecha¬ 
nism  in  the  Broadcom  silicon  in  its  QFabric 
line  because  it  functions  like  a  fabric  inside 
the  switch  itself;  if  a  switch  itself  functions  as 
a  fabric,  a  fabric  configured  with  like  switches 
can  form  a  flatter  topology,  Juniper  asserts. 

“You  don’t  actually  run  a  protocol,”  says 
Andy  Ingram,  worldwide  managing  direc¬ 
tor  of  data  center  sales  for  Juniper.  “We  use 
the  hardware  to  transport  the  bits  between 
the  ingress  and  the  egress  point  in  the  switch 
fabric.” 

Ingram  says  this  has  several  advantages: 
It  can  be  managed  as  a  single  logical  device 
—  there  is  no  need  to  manage  each  node  of 
the  spine  and  leaf  topology;  it  lowers  latency 
because  there  are  fewer  ASICs  in  the  data 
path;  and  it  should  be  less  expensive  because 
of  the  fewer  components. 

Juniper  says  it  has  100  QFabric  customers, 


more  than  half  of  which  are  in  production 
mode  —  for  the  stand-alone  QFX3500  node/ 
top-of-rack  switch  and/or  the  QFabric  Inter¬ 
connect.  Ingram  also  says  at  least  one-third 
are  new  Juniper  customers  who’ve  literally 
bought  into  the  QFabric  architecture. 

There’s  been  speculation  that  QFabric  is 
having  a  hard  time  living  up  to  its  6,144 10G 
port/one-hop  billing  in  customer  trials,  but 
Ingram  says  Juniper’s  been  working  closely 
with  customers  through  a  prolonged  testing 
period  for  what’s  essentially  a  new  data  cen¬ 
ter  networking  architecture. 

“We  have  one  that  will  go  in  production  in  the 
next  60  days  that  was  a  beta  account,”  he  says. 
“It’s  a  big  part  of  their  business,  it’s  a  service 
provider  in  the  cloud  space,  and  they’ve  been 
testing  it  extensively  for  some  time.  They’re 
waiting  for  the  next  release  to  come  out  which 
would  have  some  of  the  capabilities  that  are 
important  for  them  to  go  to  production.  We 
have  quite  a  few  that  will  go  into  production  in 
the  next  three  to  four  months.” 

There’s  also  speculation  that  many  are 
waiting  for  a  release  of  QFabric  based  on  cus¬ 
tom  Juniper  ASICs. 

The  New  York  Stock  Exchange  is  a  show¬ 
case  account  for  Juniper  and  one  that’s 
been  testing  QFabric  since  its  introduction. 
But  UBS  analyst  Nikos  Theodosopoulos 
reported  in  a  recent  bulletin  that  QFabric 
“champion”  Andy  Bach,  senior  vice  president 
of  technology  for  the  NYSE,  is  leaving  the 
exchange,  “adding  uncertainty  to  QFabric 
deployment  there.” 

Throwing  a  curve  into  all  of  this  is  soft- 
ware-defined  networking  (SDN)  and  its  most 
visible  component,  OpenFlow.  OpenFlow 
and  SDNs  are  seen  as  a  way  to  make  configur¬ 
ing  network  hardware  more  programmable, 
which  could  make  data  center  fabrics  more 
agile  to  handle  large  data  sets,  or  big  data. 

Proponents  of  OpenFlow  and  SDNs  say 
the  technologies  could  help  hybrid  cloud 
computing  services  enable  bandwidth-on- 
demand  for  data  center  interconnection; 
allow  scientists  to  conduct  research  with  col¬ 
laborators  worldwide  by  enabling  the  global 
exchange  of  massive  data  sets  collected  from 
research  projects  around  the  world;  and  bal¬ 
ance  loads  across  the  fabric’s  multiple  active 
links  within  and  between  data  centers. 

And  perhaps  most  threatening  to  vendors, 
OpenFlow  and  SDNs  could  relegate  propri¬ 
etary  fabrics  to  niches  within  data  centers 
and  clouds,  rather  than  holistic,  end-to-end 
architectures. 

Then  again,  maybe  not. 

“In  theory,  it  should  make  fabrics  more  flex¬ 
ible,”  ZK  Research’s  Kerravala  says.  “But  have 
you  ever  heard  an  OpenFlow  vendor  explain 
to  you  what  they  can  do  that  you  couldn’t  do 
with  traditional  networking?”  ■ 


20  MARCH  26,  2012  www.networkworld.com 


TOOLS  +  ADVICE  llllilllllililllillllllllilisillliil!illiill!l!ll!iilll 


TOOLS 

Linksys  Powerline  connections: 
Wired  without  wires 


ast  week  here  in  Gearhead  I  dis¬ 
cussed  my  ongoing  saga  of  trying  to 
get  decent  IP  DSL  service  from  AT&T 
U-V erse.  Since  that  column,  things  have  not 
improved  and  AT&T  just  dropped  my  line  speed  from 
1 6Mbps  to  3Mbps.  Somewhere  along  the  way  gremlins 
|  got  into  the  system  and  now  the  latency  I’m  seeing  has 
increased  by  roughly  10  times  (att.com  was  averag¬ 
ing  45  microseconds;  now  it’s  almost  450  microseconds). 


We’ll  skip  any  more  complaints  (for  now) 
about  AT&T’s  U-Verse  and  its  wretched 
Motorola  NVG510  DSL  modem  other  than  to 
note  that  I  disabled  Wi-Fi  because  it  stopped 
working  on  the  second  unit  they  sent  me  and 
I  am  now  using  a  separate  access  point. 

This  week  I  wanted  to  get  back  to  the  solu¬ 
tion  I  found  for  streaming  “Downton  Abbey” 
to  the  Apple  TV  device  connected  to  the  TV  in 
my  bedroom  without  the  buffering  interrup¬ 
tions  introduced  by  the  poor  Wi-Fi  connec¬ 
tivity  I  have  been  wrestling  with  (Apple  TV 
supports  both  wired  Ethernet  and  Wi-Fi). 
That  solution  is  Cisco’s  new  Linksys  PLE400 
and  PLS400  Powerline  Network  Adapters. 

Powerline  networks  operate  by  sending  a 
modulated  carrier  signal  over  your  regular 
AC  wiring.  I’ve  covered  powerline  products 
several  times  over  the  years,  the  last  time 
being  in  2007  when  powerline  technology 
data  rates  topped  out  at  85Mbps  at  the  physi¬ 
cal  layer.  The  Linksys  devices  conform  to 
the  HomePlug  AV  specification  and  deliver 
a  peak  data  rate  of 200Mbps  at  the  physical 
layer  and  about  80Mbps  at  the  MAC  layer. 

Both  of  these  devices  are  compatible  with 
110  V/60Hz  to  240 V/50Hz  wiring  systems 
and  are  fairly  compact  in  size:  The  PLE400 
measures  4.0  *  2.83  *  2.06  inches  while  the 
PLS400  is  4.66  x  3.18  x  2.07  inches. 

The  PLE400  has  a  single  Fast  Ethernet 
(10/100)  port  while  the  PLS400  has  four 
Fast  Ethernet  ports  and  they  can  be  pur¬ 
chased  singularly  or  as  a  kit  containing  one 
of  each  model. 

Setup  is  easy:  You  just  plug  one  of  the 
devices  into  a  power  socket  near  your  router 
and  run  a  jumper  from  the  Ethernet  port  to 
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your  network  and 

then  plug  in  the  other  unit  next  to  remote 
devices  that  need  network  access,  and  voila! 
Instant  and  transparent  bridging  between 
the  devices. 

The  data  connections  are  secured  by  128- 
bit  AES  link  encryption  which  defaults  to 
the  string  “HomePlugAV.”  Smart  peeps  will 
change  this  immediately  and  there  are  two 
ways  to  do  this. 

The  first  way  is  much  like  the  WPS 
security  setup  with  wireless  access  points: 
You  press  the  HomePlug  Simple  Connect 
button  on  the  side  of  one  of  the  devices  and  it 
generates  a  new  key  and,  for  a  couple  of  min¬ 
utes,  broadcasts  the  key.  When  you  press 
the  same  button  on  other  powerline 
devices  in  that  time  window  they 
acquire  the  key  and  can  begin 
communicating. 

But  if  you  are  at  all 
paranoid  and  have 
any  concerns 
about  the 
pri¬ 


vacy  of  your  connection,  you’ll  want  to  use 
the  other  way  to  set  passwords  —  a  configu¬ 
ration  utility  that  you  can  download  from 
the  Cisco  website. 

With  this  utility  you  can  monitor  the  pow¬ 
erline  network,  check  throughput  between 
endpoints,  enable  or  disable  quality-of- ser¬ 
vice  rules,  and  bulk  change  passwords  on  all 
connected  devices. 

These  Linksys  powerline  products  work 
extremely  well,  though  complex  power 
wiring,  electrically  noisy  equipment  such 
as  HVAC  plants  and  lighting  systems,  and 
connections  between  endpoints  on  different 
mains  power  buses  can  cause  problems. 
That  said,  these  products  seem  more  robust 
in  operation  than  previous  powerline  prod¬ 
ucts  I’ve  tested.  The  PLEK400  kit  is  reason¬ 
ably  priced  at  around  $90  and  not  only 
gets  a  rating  of  5  out  of  5  but  also  receives  a 
“highly  recommended.”  ■ 

Gibbs  is  rewired  in  Ventura,  Calif.  Your 
connections  to  gearhead@gibbs.com. 
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Not-so-magic  monitoi, 
tiny  routers  and  a  kick-ass 
gaming  headset 


THE 

SCOOP 


MIMO 

MagicTouch 
10-inch  touch¬ 
screen  USB 
monitor 

by  MIMO  Monitors,  about  $300 


►  What  it  is:  This  10.1-inch  display  looks 
like  a  tablet,  but  when  you  connect  it  to  its 
tabletop  stand,  it  can  plug  in  directly  via 
USB  (two  ports  needed)  to  a  PC  or  Macin¬ 
tosh  system  and  provide  additional  moni¬ 
tor  space.  If  you  have  a  Windows  7  system, 
the  monitor  can  be  touch  screen-enabled, 
to  let  you  draw  or  open  applications  with 
your  finger  (or  stylus). 


►  Why  it's  cool:  The  USB  cable  and  Display- 
Link  software  are  easy  to  install  quickly 
to  the  PC,  and  the  extra  screen  real  estate 
is  good  for  using  the  monitor  as  a  digital 
picture  frame,  for  playing  multimedia  from, 
and  for  multitasking  without  needing  to 
clutter  up  your  main  monitor.  The  small  size 
and  portability  might  appeal  to  netbook  and 
notebook  users. 


►  Some  caveats:  The  touch-screen  func¬ 
tionality  only  works  with  Windows  7,  and  it 
was  sporadic  at  best.  With  other  Windows 
systems  and  the  Mac,  you  can  only  use  this 
as  a  secondary  display.  In  addition,  the  price 
seems  high  when  you  can  also  buy  a  larger 
monitor  (a  15-inch  LCD  for  example)  and 
then  buy  a  $50  USB  adapter  and  still  have 
money  left  over. 

►  Grade  ★★  (out  of  five). 
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150Mbps 
Wireless  N 
Nano  Router 
(TL-WR702N) 

by  TP-Link,  about  $40 


THE 

SCOOP 


►  What  it  is:  This  may  be  the  tiniest  wire¬ 
less  router  that  you’ve  ever  seen  (shown 
above).  Small  enough  to  fit  in  your  hand 
(and  travel  bag),  the  Nano  Router  sports  an 
Ethernet  port  and  a  power  port,  which  can 
be  powered  by  a  regular  power  outlet  or 

a  USB  port  on  a  computer.  The  device  can 
be  used  as  a  wireless  bridge  (giving  Wi-Fi 
capabilities  to  non-wireless  devices  via  Eth¬ 
ernet),  a  repeater  (extend  an  existing  Wi-Fi 
network  range),  or  as  its  own  router. 

►  Why  it's  cool:  Using  the  device  as  its  own 
router  is  intriguing,  especially  for  travelers. 
By  plugging  the  device  into  a  wired  Ethernet 
connection  (say,  at  a  hotel),  you  can  then  pro¬ 
vide  Wi-Fi  access  to  multiple  devices  (tablets, 
smartphones)  via  the  one  connection.  On  a 
recent  trip,  I  discovered  the  hotel  had  placed 
the  wired  Ethernet  cable  on  the  nightstand 
next  to  the  bed  instead  of  near  the  desk.  With 
this  unit,  you  can  use  Wi-Fi  from  the  desk/ 

PC  to  the  Nano  Router,  which  contained  the 
hotel  broadband  cable. 

►  Some  caveats:  The  provided 
Ethernet  cable  is  way  too  small 
for  regular  use  —  use  your  own 
longer  cable  for  optimal  device 
placement.  Configuring  the 
unit  for  modes  other  than  a  , 
router  is  tricky. 

►  Grade  ★★★★ 


GameCom  780 
USB  headset 

by  Plantronics,  about  $80 


►  What  it  is:  Geared  toward  gamers,  the 
GameCom  780  headset  combines  Dolby 
technologies  to  provide  7.1  surround  sound 
experience  not  only  for  games,  but  for  listen¬ 
ing  to  music  or  even  for  VoIP  applications 
like  Skype.  The  unit  includes  a  noise-can¬ 
celing  microphone  that  can  flip  up  when  it’s 
not  being  used,  and  large  ear  cushions  with 
40mm  speakers. 

►  Why  it’s  cool:  For  some  reason,  the  best 
computer  headsets  are  marketed  toward 
gamers,  but  you  can  also  use  them  for  non¬ 
gaming  activities  such  as  videoconferenc¬ 
ing,  watching  movies  or  listening  to  music. 
For  me,  the  most  important  features  tend 
to  be  the  microphone  quality  (and  with  a 
noise-canceling  mic,  this  helps  immensely) 
and  ear  comfort.  When  playing  games  you 
tend  to  wear  the  headset  for  a  long  period 
of  time,  and  I  didn’t  experience  a  lot  of  ear 
fatigue  wearing  these  compared  with  other 
headsets.  The  7.1  surround  feature  made  the 
games  sound  really  good. 

►  Some  caveats:  On  some  occasions  there 

was  some  static  crackling  from  the 
headsets  when  playing  games;  it 
could  have  been  the  PC  I  was  using 
the  headset  on,  however.  I  was  also 
disappointed  that  you  can’t  use 
these  on  a  Mac. 

►  Grade  ★★★★ 

Shaw  can  be  reached  at  kshaw@ 
nww.com. 
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THREE-STREAM  802. 11N 


Three-stream  Wi-Fi  proves  its  value 

In  3-stream  vs.  2-stream  tests,  7  APs  deliver  impressive  performance  increases 


BYCRAIG  MATHIAS 


CLEAR 
E 


AP  represents  a  maximum  over-the-air  PHY 
signaling  rate,  or  in  other  words,  the  speed 
that  the  marketing  department  of  any  given 
wireless  LAN  vendor  claims  that  its  prod¬ 
uct  will  not  exceed.  Still,  one  might  be  led  to 
expect  a  significant  performance  increase 
for  three-stream  over  two-stream  imple¬ 
mentations,  especially  using  a  three-stream 
client  (although  a  nominal  increase  with  two- 
stream  clients  could  also  be  expected)  and  all 
other  conditions  being  equal. 

There’s  also  an  appeal  on  the  economic 
front:  Given  that  prices  for  three-stream 
access  points  are  often  about  the  same  as 
those  of  two-stream  products,  price/perfor¬ 
mance  should  be  noticeably  improved.  And 
finally,  demand  for  three-stream  products 
should  be  significant,  given  growing  require¬ 
ments  for  capacity  from  an  onslaught  of 
bandwidth-hungry  users  wielding  a  grow¬ 
ing  arsenal  of  wireless  devices,  from  handsets 
and  tablets  to  good  old  notebooks  running 
ever-more  bandwidth-intensive  applications. 


travels  between  the  basement  and  second 
floor  of  our  test  location)  the  improvement  is 
a  still-remarkable  39.18%  —  a  good  deal  more 
than  we  expected. 

In  fact,  we  were  very  impressed  by  these 
results  overall  and  thus  would  encourage 
anyone  in  the  market  for  WLAN  equipment 
to  consider  three-stream  products. 

Here’s  a  short  summary  of  each  product’s 
performance: 

Belkin:  Price,  $99 

The  Belkin  N750  is  the  other  under-$100 
device  in  our  test.  Belkin’s  far-distance  test 
results  were  at  the  bottom  of  the  pack  — 
64Mbps  for  two-stream  results  and  72Mbps 
for  three-stream.  Its  near-distance  results 
were  much  better  —  87Mbps  to  157Mbps,  for 
an  improvement  of  80%. 

Cisco:  Price,  $1,495 

The  Cisco  3600  AP  delivered  77Mbps  in  the 
near-distance,  two-stream  test  and  179Mbps 
in  the  near-distance,  three-stream  test,  an 
improvement  of  133%.  In  the  far-distance 
tests,  Cisco  went  from  65Mbps  to  97Mbps,  a 
50%  improvement. 

Cisco  Linksys:  Price,  $159.99 
In  the  two-stream  baseline  test,  the  Cisco 
Linksys  came  in  next-to-last  at  74Mbps  in  the 
near-distance  test,  and  dead  last  at  62Mbps  in 
the  far-distance  test.  But  when  we  turned  on 
three-stream  MIMO,  the  Linksys  delivered 
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74Mbps 


Results  exceeded  our  expectations 

When  we  average  the  performance  of  all 
access  points  in  this  series  of  tests,  we  find 
that  the  improvement  of  three-stream  over 
two-stream  in  the  “near-case  scenario”  (when 
the  access  point  and  client  are  about  4  meters 
apart  in  the  same  room)  is  an  amazing  93.04%. 

And  in  the  “far-case  scenario”  (when  the 
distance  is  about  7  meters  but  the  signal 
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The  rapid  adoption  of 802.11n  has 
become  a  significant  milestone 
in  the  history  of  wireless  LANs. 
The  MIMO-based  technologies 
used  in  most  802.11n  systems 
provide  enough  throughput,  reliability,  and 
rate  vs.  range  performance  to  effectively 
remove  the  last  major  barriers  to  the  broad 
adoption  of  WLANs  in  the  enterprise. 

But  there  is  a  broad  range  of  options 
specified  in  802.11n,  and  consequently  many 
products  with  highly  varying  performance 
are  on  the  market.  A  given  802.11n  product 
is  usually  categorized  by  the  number  of  spa¬ 
tial  streams,  with  nominally  150Mbps  of 
throughput  possible  per  stream,  assuming  a 
40MHz  channel  and  a  short  guard  interval. 

Today,  600Mbps,  via  four  streams,  is 
the  upper  bound  of  the  802. lln  standard, 
with  two-stream  implementations  at  nomi¬ 
nally  300Mbps  the  effective  norm.  But 
we’re  starting  to  see  a  significant  number  of 
three-stream  access  points  promising  up  to 
450Mbps  coming  into  the  market. 

We’d  heard,  anecdotally,  about  a  10% 
to  15%  effective  performance  increase  in 
three-stream  products,  which,  while  not  bad, 
wouldn’t  set  the  world  on  fire.  So,  for  this  test 
we  set  out  to  do  a  level-playing-field  analysis 
of  three-stream  products,  using  three-stream 
access  points  from  seven  different  vendors 
and  a  two-stream  access  point  as  a  baseline. 
Both  enterprise-class  and  consumer/SMB- 
class  products  were  tested  in  order  to  explore 
a  broad  range  of  options. 

The  seven,  three-stream  access  points 
are:  Belkin  N750,  Cisco  3600,  Cisco  Linksys 
E4200,  D-Link  DIR-665,  Meraki  MR24,  Net- 
gear  WNDR4500  and  Xirrus  XR-4830.  Our 
baseline  AP  was  a  Netgear  WNDR3800. 

Of  course,  450Mbps  for  a  three-stream 


190Mbps  and  125Mbps  respectively,  which 
puts  it  in  second  place  overall.  Not  only  that, 
the  Linksys  delivered  improvement  rates  for 
three-stream  over  two-stream  of  158%  and 
100%  respectively. 

D-Link:  Price,  $99 

The  D-Link  DIR-665  is  a  low-cost  consumer 
device  that  finished  in  the  middle  of  the  pack. 
In  the  near-distance  test,  D-Link  improved 
from  91Mbps  to  123Mbps  (up  35%),  and  in  the 
far-distance  test,  D-Link  went  from  68Mbps 
to  91Mbps  (up  34%). 

Meraki:  Price,  $1,199.99 
Meraki  scored  well  in  our  near-field  test, 
coming  in  third  with  three-stream  through¬ 
put  of  184Mbps.  In  the  far-distance  test, 
Meraki  was  in  the  middle  of  the  pack,  with 
89Mbps,  a  35%  increase  over  Meraki’s  two- 
stream  performance. 

Netgear:  Price,  $179.99 
Netgear  was  our  top  performer  in  terms  of 
total  throughput,  delivering  223Mbps  in  the 
near-distance  test,  and  128Mbps  in  the  far- 
distance  test. 

Xirrus:  Price,  $6,450 

The  Xirrus  price  is  a  bit  deceiving,  since 
the  Xirrus  Array  comes  with  eight  separate 
radios.  In  terms  of  performance,  Xirrus 
trailed  the  pack  in  the  near-distance  test, 
with  a  three-stream  throughput  of  115Mbps, 


but  Xirrus  performed  near  the  top  in  the  far- 
distance  test  with  93Mbps. 

Interestingly,  the  test  of  the  two-stream 
baseline  access  point  (a  Netgear  WNDR3800) 
showed  a  modest  improvement  in  perfor¬ 
mance  when  using  the  three-stream  client, 
leading  to  the  conclusion  that,  just  as  802.11n 
clients  used  backward-compatibly  with 
802.11g  infrastructure  to  yield  a  “better  g  than 
g”  effect,  similar  “better  than  n”  performance 
should  result  when  using  a  three-stream  cli¬ 
ent  with  two-stream  access  points. 

Remarkably,  the  WNDR3800  also  had  the 
best  two-stream  near-distance  and  second- 
best  two-stream  far-distance  performance, 
perhaps  more  than  anything  suggesting 
maturity  in  firmware  and  overall  two-stream 
system  implementation. 

How  we  tested  three-stream 
802.11n  access  points 

Testing  was  conducted  in  freespace,  but  in 
a  residential  environment  so  as  to  provide  a 
greater  degree  of  control  over  the  airwaves  by 
minimizing  the  impact  of  any  potential  inter¬ 
ference.  It’s  almost  impossible  today  to  find  a 
commercial  facility  free  of  a  good  deal  of  arbi¬ 
trary  Wi-Fi  traffic,  evidence  of  the  status  that 
Wi-Fi  has  achieved. 

All  testing  was  monitored  with  a  spectrum 
analyzer  (in  this  case,  Fluke  Networks’  AirMa- 
gnet  Spectrum  XT  and  AirCheck  Wi-Fi  Tes¬ 
ter)  to  ensure  a  level  spectral  playing  field.  The 
server  end  of  this  test  was  an  Ixia  VeriWave 
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WaveTest  90  chassis  with  a  WBE1604  Ether¬ 
net  Board,  providing  a  consistent  and  highly 
instrumented  environment  with  respect  to 
load  and  the  recording  of  results. 

The  client  software  was  Ixia’s  VeriWave 
Wavelnsite  and  WaveTest  running  on  a  con¬ 
sole  PC  connected  to  the  back  of  the  chassis, 
and  the  company’s  WaveAgent  on  the  test 
notebook  PCs  equipped  with  wireless  client 
adapters. 

The  only  exceptions  were  in  the  case  of 
Cisco,  in  which  a  Cisco  Catalyst  3750-X  PoE 
switch  and  5500  WLAN  controller  were 
also  used,  and  Meraki,  which  requires  a  con¬ 
nection  to  the  Internet  for  control  and  man¬ 
agement  plane  implementation.  This  was 
accomplished  via  reconfiguring  IP  addresses 
and  connecting  to  the  Web  via  a  switch  and 
our  office  router. 

Each  series  of  tests  with  each  subject 
access  point  was  conducted  with  both  two- 
and  three-stream  client  devices  so  as  to  fully 
evaluate  the  performance  of  the  access  point. 
The  two-stream  client  was  Linksys’  popular 
WUSB600N,  a  USB  2.0  device  using  the 
Ralink  RT2870/RT2850  chipset,  and  the 
three-stream  client  was  a  Trendnet  TEW- 
680MB  media  bridge,  connected  to  the  test 
PC’s  Gigabit  Ethernet  port,  and  based  on  the 
Ralink  RT3883F  chip. 

While  three-stream  USB  adapters  are 
available,  it  was  felt  that  the  450Mbps  peak 
of  the  wireless  device  was  too  close  to  the 
480Mbps  limit  of  USB  2.0,  and  that  Gigabit 
Ethernet  would  provide  more  headroom  just 
in  case.  All  device  settings  were  left  at  their 
defaults  other  than  being  configured  to  auto¬ 
matically  connect  to  the  test  SSID. 

All  of  the  access  points  under  test,  except 
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Three  streams  deliver 
impressive  throughput  gains 

When  we  tested  two-stream  vs.  three-stream  MIMO,  our  seven 
access  points  under  test  showed  an  average  performance  increase  of 
93%  in  our  near-distance  tests,  and  39%  in  our  far-distance  tests. 


All  results  are  Goodput  in  Mbps  as  reported  by  Ixia  VeriWave  Wavelnsite  5.90.9-WA-3.0-WT-3.50,  2011.10.13.01,  using  WaveAgent  Version  2.1.0,  2011.10.19.04 
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the  Xirrus  Array,  were  configured  to  use  a 
single  40MHz  channel  (149/153)  in  the  5GHz 
band.  By  virtue  of  its  need  to  manage  eight 
separate  radios,  the  Xirrus  instead  auto-con¬ 
figured  channels  across  all  of  its  radios.  Apart 
from  the  radio  channel,  all  that  was  changed 
from  the  default  in  all  access  point  configura¬ 
tions  was  the  IP  address,  SSID  and  WPA2 
key.  The  2.4GHz  radio,  if  present,  was  dis¬ 
abled  if  possible  and  otherwise  left  uncon¬ 
figured,  so  the  only  variables  for  each  test 
run  were  the  particular  client  adapter  used 
and  the  distance  involved.  The  real  variable 
under  study,  then,  was  the  performance 
of  the  access  point  under  test.  Wavelnsite 
was  configured  to  generate  both  upstream 
and  downstream  HTTP  traffic  at  a  nominal 
lGbps  rate,  thus  saturating  the  link. 

Each  30-second  test  run  was  repeated 
three  times,  with  the  results  averaged  so  as  to 
factor  out  any  otherwise-undetected  anoma¬ 
lies,  over  both  “near-case”  (both  endpoints 
in  the  same  room  with  nominally  4  meters 
of  distance  between  them)  and  “far-case” 
(straight  up  from  the  basement  of  the  struc¬ 
ture  to  the  second  floor,  a  linear  distance 
of  about  7  meters  but  through  numerous 
solid  objects)  geometries.  The  near-case  test 
was  designed  to  evaluate  performance  that 
might  be  seen  in  a  typical  dense-access  point 
deployment,  while  far-case  is  more  charac¬ 
teristic  of  a  typical  access  point  deployment. 
We  thus  had  a  pretty  good  look  at  the  con¬ 
tribution  of  three-stream  MIMO  across  all 
of  the  access  points.  Just  to  be  sure,  we  also 
baselined  the  test  using  a  direct-wired  Giga¬ 
bit  Ethernet  connection,  which  showed  that 
gigabit  speeds  were  indeed  possible. 

Your  results  will  vary 

As  tempting  as  it  may  be,  any  use  of  these 
results  to  directly  compare  the  performance 
of  the  enterprise-class  access  points  tested 
here  should  be  avoided.  Note  that  we  used 
only  a  single  workload  on  a  single  client,  a 


A  note  on  nomenclature 

Wireless  LAN  devices  (access  points  and  clients)  supporting  (up  to)  three 
spatial  streams  are  often  denoted  as  “3x3"  devices,  referring  to  the  mini¬ 
mal  number  of  transmitters  and  receivers  required  to  make  this  particular 
configuration  of  MIMO  work.  But  there  is  so  much  variability  in  terminology  here 
that  a  standard  nomenclature  is  required. 

There  is,  unfortunately,  no  universal  agreement  on  this  point.  Regardless, 
Farpoint  Group  and  many  others  have  adopted  the  “TxR:S”  convention,  where  T  is 
the  number  of  transmitting  antennas,  R  is  the  number  of  receiving  antennas  and 
S  is  the  maximum  number  of  spatial  streams  possible,  with  an  802.11n-compliant 
implementation  of  a  stream  limited  to  a  PHY  rate  of  75Mbps  in  a  20MHz  channel 
and  150Mbps  in  a  40MHz  channel.  Note  here  that  T  and  R  represent  the  number 
of  physical  antennas,  not  the  number  of  radios.  One  radio  is  required  on  each  end 
per  stream,  but  antenna-diversity  techniques,  often  used  to  combat  radio  artifacts 
(most  notably  various  forms  of  signal  fading)  and  applicable  to  both  the  transmit 
and  receive  sides,  often  result  in  the  number  of  antennas  being  greater  than  the 
number  of  radios. 

Cisco’s  3600  AP,  for  example,  can  be  denoted  as  4x4:3  —  still  three  streams, 
still  limited  to  a  maximum  of  450Mbps  in  a  40MHz  channel,  but  with  extra  anten¬ 
nas  on  both  the  transmit  and  receive  sides  for  purposes  of  diversity. 

Finally,  note  that  there  need  be  no  direct  correlation  between  a  particular 
antenna  configuration  and  the  Layer  7  performance  of  any  given  product,  and  thus 
such  a  description  alone  is  inadequate  for  a  full  understanding  of  the  capabilities 
of  any  given  product. 

Also  note  that  architectural  design  and  other  features  provide  significant 
differentiation  beyond  measured  throughput  alone,  so  performance  specs  by 
themselves  should  never  be  assumed  to  be  a  key  point  of  differentiation.  Real- 
world  testing  in  a  facility  intended  for  provisioning,  with  application-appropriate 
workloads,  is  the  only  case  where  measured  performance  can  perform  such  a  role. 


highly  unrealistic  real-world  enterprise  sce¬ 
nario,  and  many  other  considerations,  includ¬ 
ing  system  architecture,  scalability,  capacity, 
security  management  features  and  much 
more,  preclude  the  application  of  any  single 
figure  of  merit  in  this  case. 

Comparing  residential-class  and  enter¬ 
prise-class  products  based  on  these  results 
would  be  similarly  unrealistic  and  misleading 


given  wildly  diverging  sets  of  capabilities 
and  core  missions.  Again,  our  objective  was 
to  learn  what  contribution,  if  any,  might  be 
made  by  three-stream  capability  —  and  we 
were  more  than  surprised  by  the  results.  ■ 

Mathias  is  a  principal  at  Farpoint  Group,  a 
wireless  advisory  firm  in  Ashland,  Mass.  He 
can  be  reached  at  craig@farpointgroup.com. 
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suite  of  integrated  tools  that  updates 
automatically.  Collaborate  in  the  cloud 
with  Office,  Exchange,  SharePoint, 
and  Lync  videoconferencing.*  Starting 
as  low  as  $8  per  user  per  month. 
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ARISTA  7508  DATA  CENTER  SWITCH 

Arista  10G  switch:  Fast  and  flexible 

Linux-based  core  switch  sets  records  with  high  density,  blazing  performance 


BYDAV1D  NEWMAN 

Packing  384  10G  Ethernet  ports 
into  an  11-rack-unit  form  factor 
is  only  the  beginning  for  Arista 
Networks’  DCS-7508  data  cen¬ 
ter  core  switch. 

In  this  exclusive  Clear  Choice  test,  the 
7508’s  performance  set  one  record  after 
another.  It  switched  5.7  billion  frames  per 
second,  the  highest  throughput  ever  seen  in 
a  Network  World  test.  It  moved  multicast  traf¬ 
fic  to  more  than  4,000  groups  on  all  ports, 
another  record  for  a  modular  switch.  And  it 
ran  at  wire  speed  in  almost  every  case  except 
when  we  deliberately  congested  the  switch, 
and  there  it  buffered  up  to  83MB  per  port. 

On  top  of  its  impressive  performance  stats, 
the  7508  also  showed  off  multiple  redundancy 
and  load-balancing  mechanisms  and  recov¬ 
ered  quickly  from  failures.  And  it  did  all  this 
running  on  Linux,  with  all  the  extensibility 
that  comes  with  Unix-like  operating  systems. 

For  network  managers  wondering  why 
they’d  need  this  much  port  density:  It  might 
not  happen  this  quarter  or  next,  but  10G  Eth¬ 
ernet  is  already  well  on  its  way  to  replacing 
Gigabitas  the  pervasive  data  center  transport. 

The  signs  are  all  there:  Intel  is  about  to 
ship  lOG-equipped  server  motherboards  in 
quantity.  A  gaggle  of  storage  vendors  already 
send  iSCSI  traffic  over  converged  10G  Eth¬ 
ernet  backbones.  And  faster  40G  and  100G 
Ethernet  uplinks  are  starting  to  appear.  Given 
the  usual  multiyear  depreciation  cycles  for 
networking  gear,  high-density  switches  like 
Arista’s  7508  are  starting  to  make  sense  as 
data  center  workhorses. 

A  well-considered  design 

Beyond  its  high  density,  the  7508  offers  some 
seriously  nice  hardware.  Airflow  is  excellent, 
thanks  to  fans  on  each  fabric  card  and  a  lat¬ 
tice  inside  the  chassis.  Power  management 
allowed  us  to  drive  all  384  ports  at  full  tilt 
using  just  two  power  supplies,  instead  of  the 
standard  four. 

The  design  smarts  extend  to  Arista’s  EOS 
software.  Underneath  a  Cisco  IOS-like  com¬ 
mand-line  interface  (CLI),  EOS  offers  modu¬ 
larity  and  a  complete  Linux  command  set. 
Modularity  means  the  failure  of  any  one  pro¬ 
cess  doesn’t  take  down  the  entire  system.  To 
verify,  we  intentionally  killed  EOS  processes 
and  watched  them  automatically  respawn; 
there  was  no  effect  on  other  system  functions. 

But  EOS’s  greatest  strength  is  its  exten¬ 
sibility.  Because  it’s  Linux  under  the  hood, 
EOS  is  highly  customizable.  The  vendor 


CLEAR 


provides  source  code  for  its  CLI  and  many 
other  (though  not  all)  system  components  and 
actively  encourages  customers  to  hack  its  code. 

To  demonstrate  EOS  extensibility.  Arista 
recently  gave  a  group  of  its  system  engineers, 
most  of  whom  aren’t  programmers,  24  hours 
to  get  new  projects  running.  They  produced 
dozens  of  tools,  ranging  from  useful  (say 
you’re  on  a  Mac,  and  want  Growl  notifications 
when  particular  interfaces  go  up  or  down)  to 
plain  crazy  (Pandora  radio  running  on  the 
switch,  fed  to  external  speakers  via  a  $20 
USB  sound  card). 

Also,  a  single  EOS  binary  image  runs  on 
all  Arista  switches,  both  core  boxes  like  the 
7508  and  various  top-of-rack  systems.  Hav¬ 
ing  one  system  image  eliminates  the  feature 
and  command  mismatches  sometimes  seen 
across  competitors’  switch  product  lines. 

We  assessed  the  Arista  switch  mainly  in 
terms  of  performance,  with  a  long  battery  of 
tests  intended  to  determine  the  system’s  limits. 

Describing  the  7508’s  unicast  throughput 
is  easy:  It  always  went  at  wire  speed.  With  the 
Spirent  TestCenter  traffic  generator/analyzer 
blasting  away  in  a  fully  meshed  traffic  pattern 
on  all  384 10G  Ethernet  ports,  the  7508  didn’t 
drop  a  single  frame  in  any  of  our  unicast  tests. 
At  rates  of  up  to  3.832  terabits  per  second,  the 
7508  was  perfect,  both  in  Layer  2  and  Layer  3 
configurations. 

The  7508  is  also  non-blocking  when 
handling  multicast  traffic,  provided  frame 
lengths  are  70  bytes  or  longer.  With  mini- 
mum-length  64-byte  frames,  the  system’s 
throughput  is  equivalent  to  92.588%  of  line 
rate.  For  every  other  frame  size  we  used,  the 
system  again  forwarded  all  traffic  at  wire 
speed  without  loss,  both  in  Layer  2  and  Layer 
3  setups.  (We’ve  added  70-byte  multicast 
tests  to  show  the  system  will  forward  at  line 
rate  when  frames  are  that  long  or  longer.) 

The  Layer  2  and  Layer  3  multicast  tests  also 
involved  very  high  control-plane  scalability. 
We  ran  the  Layer  2  tests  with  383  receiver 
ports  all  subscribed  to  4,095  multicast  groups. 
That’s  much  higher  than  in  previous  Network 
World  tests;  typically  those  tests  involved  1,024 
or  fewer  groups. 


In  the  Layer  3  case,  subscribers  on  383 
receiver  ports  joined  “only”  512  multicast 
groups,  but  then  again  the  system  also  ran  a 
different  PIM-SM  multicast  routing  session 
on  each  of 384  ports. 

Latency  was  generally  low  and  consistent. 
Layer  2  and  Layer  3  delays  were  virtually 
identical.  When  handling  unicast  traffic,  the 
7508  delayed  traffic,  on  average,  by  less  than 
9  microseconds  with  frame  lengths  of  up  to 
1,518  bytes;  with  jumbo  frames,  average  delay 
was  around  13  microseconds  (see  chart). 

One  exception:  Maximum  latency  was 
substantially  higher  with  short  and  medium- 
length  unicast  frames  than  long  ones,  revers¬ 
ing  the  pattern  often  seen  with  Ethernet 
switches  where  delay  increases  with  frame 
length.  This  was  only  seen  in  unicast  tests. 

In  the  multicast  tests,  both  average  and 
maximum  latency  were  significantly  lower 
than  unicast,  regardless  of  frame  size  (see 
chart).  This  is  important  for  the  growing 
number  of  users  who  make  heavy  use  of  mul¬ 
ticast  in  the  data  center. 

Here,  average  delays  were  less  than  5 
microseconds  for  frame  lengths  of  1,518  bytes 
or  shorter,  and  around  6  microseconds  with 
jumbo  frames.  Again,  there  were  no  signifi¬ 
cant  differences  between  Layer  2  and  Layer  3 
test  cases.  And  unlike  the  unicast  tests,  maxi¬ 
mum  multicast  latency  was  not  significantly 
higher  than  average  latency. 

Maximizing  uptime 

While  high  performance  is  essential  for  core 
switches,  high  availability  is  at  least  as  impor¬ 
tant.  The  7508’s  highly  redundant  design 
extends  to  many  components:  There  are  six 
fabric  cards,  each  with  their  own  fans  along 
with  multiple  power  supplies  and  redundant 
supervisor  modules. 

To  measure  the  time  needed  to  recover 
from  the  loss  of  a  supervisor  module,  we 
physically  removed  the  primary  supervisor 
while  offering  64-byte  unicast  frames  at  line 
rate  to  all  384  ports.  By  dividing  frame  loss 
into  frame  rate,  we  determined  that  the  sys¬ 
tem  recovered  in  31.84  microseconds. 

That’s  not  instantaneous,  but  it’s  still  pretty 
fast;  performance  of  many  enterprise  appli¬ 
cations,  especially  those  running  over  TCP, 
won’t  degrade  until  disruptions  run  up  into 
the  milliseconds.  Arista  says  the  32-microsec¬ 
ond  figure  represents  only  those  frames  that 
were  in  flight  between  transmit  and  receive 
ports  at  the  time  we  pulled  the  module. 

Power  consumption  is  another  key  con¬ 
sideration.  We  measured  power  usage  in 
two  modes:  fully  loaded,  with  traffic  from  the 
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Low  latency 
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In  our  multicast  and  unicast  latency  tests,  the  Arista  switch  delivered 
extremely  low  latency  in  both  Layer  2  and  Layer  3  tests. 


Multicast  latency 

In  this  test,  subscribers  on  383  receiver  ports  joined  512  multicast 
groups  in  Layer  3  testing  and  4,095  groups  in  Layer  2  testing. 


Unicast  latency 

In  this  test  with  384  ports  fully  meshed  at  10G  line  rate,  the  Arista  switch 
demonstrated  low  average  latency  in  all  tests. 
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Product  Arista  DCS-7508 


Company 

Arista  Networks 

Price 

Chassis  bundle  (chassis,  1  supervisor  module,  4  power  supplies,  6  fabric  cards), 

$99,995;  supervisor  module,  $9,995;  48-port  10G  Ethernet  line  card,  $32,995;  price  as 
tested,  $409,278 

Pros 

Wire-speed  throughput,  low  average  latency,  fast  recovery 
from  failure,  high  density,  highly  extensible  software 

Cons 

Limited  routing  scalability,  no  hitless  failover  (yet) 

THANKS! 


Network  World  gratefully 
acknowledges  the  assistance 
of  Spirent  Communications, 
which  supplied  its  Spirent 
TestCenter  traffic  generator/ 
analyzer  and  10G  Ethernet 
HyperMetrics  dX  modules 
for  this  project.  Spirent's 
Jurrie  van  den  Breekel  and 
Timmons  Player  also  provided 
technical  support.  Thanks  also 
to  Fluke  Corp.  for  supplying  a 
Fluke  335  clamp  meter  used 
in  power  measurement. 


81.37 

81.80 


www.networkworld.com  march  26, 2012  29 


CLEAR  ARISTA  7508  DATA  CENTER  SWITCH 

CHOICE 

TEST^ 


Spirent  test  instrument  offered  to  all  384  ports 
at  line  rate,  and  50%  loaded,  with  only  half  the 
line  cards  inserted  (but  still  offering  traffic  at 
line  rate  to  all  those  cards).  In  these  and  all 
other  tests,  the  switch  used  direct-attached 
copper  (DAC)  cables  and  transceivers. 

When  fully  loaded,  the  7508  drew  4,358 
watts,  or  about  11.3  watts  per  port.  With  only 
half  the  ports  inserted,  the  system  used  1,598 
watts,  or  about  8.3  watts  per  port.  The  fully 
loaded  number  is  a  worst-case  scenario,  while 
the  50%  case  is  more  representative  for  many 
enterprises,  especially  those  that  don’t  popu¬ 
late  all  line  cards  on  day  one. 

Buffering  capacity 

Arista  requested  that  we  measure  the  burst¬ 
handling  characteristics  of  the  7508,  specifi¬ 
cally  to  verify  Arista’s  claim  that  the  system 
can  buffer  up  to  50MB  per  port.  Handling 
short,  high-speed  bursts  of  traffic  is  important 
in  many  high-performance  computing  appli¬ 
cations,  where  multiple  senders  may  present 
data  to  the  same  receiver  at  the  same  instant. 

Today,  there  isn’t  an  industry-standard 
method  of  measuring  burst  handling.  We  used 
a  couple  of  methods  here:  first,  with  a  2-to-l 
oversubscription  of  steady-state  traffic,  where 
we  offer  traffic  to  256  ports,  destined  to  all  the 
remaining  128  ports.  That’s  a  simple  buffer  test 
and  should  work  regardless  of  burst  length. 

Second,  to  assess  microburst  buffering,  we 
sent  bursts  of  varying  sizes  at  line  rate  from 
multiple  sources  to  the  same  destination  port 
at  the  same  time.  By  experimenting  with  dif¬ 
ferent  burst  lengths,  we  found  the  maximum 
microburst  length  the  system  could  buffer 
without  frame  loss. 

While  the  microburst  method  is  arguably 
more  interesting  due  to  the  dynamic  nature  of 
enterprise  traffic,  the  first  method  produced  a 
surprising  result. 

Faced  with  a  2-to-l  oversubscription,  the 
switch  initially  dropped  nearly  60%  of  traffic 
rather  than  the  expected  50%  or  less,  mean¬ 
ing  it  wasn’t  buffering  at  all.  Arista  attributed 
the  loss  to  a  combination  of  the  way  the  7508’s 
virtual  output  queuing  (VOQ)  works  and  the 
totally  nonrandom  order  of  our  test  traffic. 
After  setting  the  VOQ  scheduling  to  a  non¬ 
default  setting  (“petra  voq  tail-drop  2”),  packet 
loss  fell  to  50%  or  less,  as  expected. 

Another  lesson  learned,  both  in  steady- 
state  and  microburst  buffering  tests,  is  that 
buffer  capacity  depends  in  part  on  the  num¬ 
ber  of  senders  and  receivers  involved.  When 
we  ran  the  microburst  test  with  256  transmit¬ 
ter  and  128  receiver  ports,  the  7508  buffered 
up  to  83.49MB  on  each  receiver  port  with  zero 
frame  loss,  well  in  excess  of  Arista’s  claim  of 
50MB/port.  That’s  equivalent  to  around 


56,300 1,518-byte  frames  per  egress  port. 

However,  if  we  ran  the  same  test  with  383 
transmitters  all  aimed  at  one  receiver,  the 
largest  amount  of  traffic  that  could  be  buff¬ 
ered  without  loss  was  much  lower,  around 
6.85MB  (or  around  4,600 1,518-byte  frames). 

The  results  differ  because  of  the  7508’s 
VOQ  and  credit-based  architecture.  When 
frames  enter  the  switch,  it  will  allocate  buf¬ 
fers  and  issue  forwarding  credits  if,  and  only 
if,  sufficient  resources  exist  to  forward  the 
traffic.  The  higher  the  ratio  of  transmitters  to 
receivers,  the  greater  the  imbalance  between 
requested  and  available  resources.  In  this 
light,  Arista’s  50MB  claim  is  really  a  com¬ 
posite  figure,  one  that  assumes  transmit  and 
receive  port  counts  are  somewhere  between 
the  best-  and  worst-case  scenarios. 

MLAG  resiliency 

Mention  spanning  tree  to  any  data  center 
architect,  and  you’re  likely  to  be  greeted  with 
a  scowl.  Besides  cutting  bandwidth  in  half 
with  its  active/passive  design  (where  50%  of 
links  and  ports  sit  idle),  the  protocol  can  be 
tricky  to  troubleshoot. 

Many  switch  vendors,  including  Arista, 
have  methods  to  eliminate  spanning  tree,  in 
turn  enabling  larger,  faster,  flatter  data  center 
designs.  While  all  the  various  approaches 
are  proprietary,  Arista’s  approach,  called 
multi-switch  link  aggregation  (MLAG), 
starts  with  the  IEEE  802.3ad  link  aggrega¬ 
tion  specification. 

With  MLAG,  each  attached  server  or  switch 
can  use  standards-based  link  aggregation  to 
form  a  virtual  pipe  with  two  physical  Arista 
switches,  and  see  those  switches  as  one  logical 
entity.  MLAG  works  with  any  device  that  uses 
the  link  aggregation  control  protocol  (LACP). 
It  doubles  available  bandwidth  with  its  active- 
active  design,  while  still  preventing  loops  like 
spanning  tree. 

We  verified  MLAG  functionality  with  two 
pairs  of  eight-port  MLAG  trunks,  each  split 
across  two  7508  switches.  First  we  verified 
MLAG  could  forward  across  all  ports  by 
offering  bidirectional  test  traffic  from  256 
hosts  emulated  by  the  Spirent  test  instrument. 
MLAG  perfectly  distributed  traffic  from  these 
hosts,  with  each  MLAG  port  forwarding  the 
exact  same  number  of  frames. 

To  test  MLAG  resiliency,  we  then  rebooted 
one  of  the  7508s,  forcing  traffic  onto  the 
remaining  ports  in  the  MLAG  trunk.  By  deriv¬ 
ing  cutover  time  from  frame  loss,  we  deter¬ 
mined  that  it  took  158.81  milliseconds  for  the 
system  to  resume  forwarding  all  traffic  with¬ 
out  loss.  In  comparison,  Rapid  Spanning  Tree 
typically  takes  one  to  three  seconds. 

While  MLAG  represents  an  interesting 


approach  in  that  it’s  based  on  a  simple  and 
well-understood  standard,  there’s  still  a  pro¬ 
prietary  component:  The  two  MLAG  peers 
must  be  Arista  switches,  which  share  learn¬ 
ing  and  state  information  using  a  proprietary 
protocol.  For  the  devices  attached  to  the  peers, 
however,  it’s  just  standards-based  LACR 

OSPF  scalability 

We  also  assessed  unicast  routing  with  tests  of 
OSPF  routing  scalability  and  equal  cost  mul¬ 
tipath  (ECMP)  capabilities. 

To  measure  routing  capacity,  we  configured 
the  Spirent  test  instrument  to  advertise  pro¬ 
gressively  larger  numbers  of  networks  over 
OSPF,  and  then  determined  whether  the  7508 
could  forward  traffic  to  all  these  networks 
without  loss.  The  largest  number  of  routes  the 
system  could  install  in  its  hardware  forward¬ 
ing  tables  was  13,500. 

That’s  certainly  more  than  enough  for  most 
data  centers.  In  its  internal  testing,  Arista 
says  the  7508  learned  42,500  routes  when 
the  advertised  networks  primarily  used  /24 
and  /32  prefix  lengths  (we  used  an  Internet 
distribution  in  our  tests,  modeling  the  prefix 
lengths  seen  on  Internet  backbones). 

Another  part  of  the  EOS  routing  feature 
set  is  the  ability  to  load-balance  using  OSPF 
ECMP,  distributing  traffic  on  as  many  as  16 
links.  Most  competitors  support  a  maximum 
of  eight-way  links  when  doing  ECMP. 

In  our  tests,  the  7508  spread  traffic  pretty 
evenly  across  all  16  OSPF  sessions.  We  saw  a 
variation  of  around  1.215%  between  the  least 
and  most  used  OSPF  ports. 

Our  complaints  with  the  7508  are  relatively 
minor.  Unicast  maximum  latency  is  higher 
with  short  and  midlength  frames  than  with 
longer  frames.  The  7508’s  hardware  routing 
table  doesn’t  scale  as  high  as  some  other  mod¬ 
ular  switches  we’ve  tested,  but  that’s  more  a 
battle  for  bragging  rights  among  vendors  than 
a  concern  for  most  data  centers.  EOS  doesn’t 
yet  support  hitless  failovers  or  IPv6,  though 
Arista  says  it’s  working  on  both.  And  the 
7508’s  buffering  capabilities  differ  depending 
on  traffic  patterns,  but  that’s  true  of  all  credit- 
based  systems. 

Speed  and  flexibility  trump  these  com¬ 
plaints.  As  enterprises  roll  out  more  10G 
Ethernet  in  the  data  center  —  and  that  will 
happen  soon  —  they’ll  need  high-density 
ways  to  tie  everything  together.  The  Arista 
7508  is  ready  to  do  that,  today.  ■ 

Newman  is  a  member  of  the  Network  World 
Lab  Alliance  and  president  of  Network  Test, 
an  independent  test  lab  and  engineering 
services  consultancy.  He  can  be  reached  at 
dnewman@networktest.com. 
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Broadband  infrastructure:  Time  for  real  policy 


I’M  LATE  filing  this  column.  Why?  It’s  my 
AT&T  U-Verse  DSL  connection  yet  again. 
I’ve  been  struggling  with  it  all  day. 

I’ve  discussed  the  saga  of  my  latest  DSL  woes  in  several  recent 
Gearhead  columns,  and  the  feedback  from  readers  has  been  amaz¬ 
ing.  It  says  something  that,  so  far,  not  one  reader  has  defended  AT&T. 
What  also  strikes  me  are  all  the  letters  from  readers  for  whom  a  sub¬ 
standard  DSL  service  would  be  a  huge  upgrade  from  what  they  cur¬ 
rently  have. 

For  example,  reader  Ted  Clee  commented,  “When  reciting  your 
woes  with  DSL  speeds,  please  consider  the  feelings  of  us  poor  Texas 
country  folk.  When  I  connect  from  home,  I  am  beyond  the  reach  of 
DSL  or  cable.  I  recently  upgraded  my  service  level  with  my  local  wire¬ 
less  broadband  ISP  with  whom  I  have  a  line-of-sight  connection,  and 
am  now  achieving  512Kbps  (symmetric)  for  $50  monthly,  a  fourfold 
improvement  over  my  previous  sluggish  connection  of  128Kbps  for 
$35.  My  only  alternatives  are  dial-up  or  high-latency  satellite.  You 
could  have  it  worse!” 

Ted’s  right,  I  could  have  it  worse  and,  indeed,  we  could  all  have  it 
worse,  but  that’s  just  the  issue:  If  we,  in  general,  were  to  have  it  worse, 
as  a  society  we  would  miss  out  on  enormous  economic  and  cultural 
benefits. 

It’s  all  about  getting  online  at  a  reasonable  speed  for  a  reasonable 
price.  The  growth  in  the  online  economy  is  still  very  healthy  and,  as  a 
platform  for  business  and  social  innovation,  there’s  nothing  that  com¬ 
pares.  But  the  consumer’s  problem  is  the  lack  of  a  national  policy  and 
a  very  weak  competitive  environment  which  makes  for  patchy,  poorly 


serviced  and  inefficient  national  wired  and  wireless  broadband  infra¬ 
structure.  This,  in  turn,  limits  the  value  that  many  consumers  can  get 
from  Internet  access. 

The  bipartisan  policy  and  political  network  of  technology  CEOs 
called  TechNet  recently  released  a  report  following  the  second  anni¬ 
versary  of  the  Federal  Communications  Commission’s  National 
Broadband  Plan  (NBP)  that  shows  the  U.S.  home  broadband  adoption 
rate  increased  anemically  from  65%  in  2009  to  68%  in  2011. 

I  don’t  think  that  anyone  could  argue  that  consumer  broadband 
adoption  is  a  bad  thing  —  indeed,  as  the  NBP  asserted,  broadband  ser¬ 
vice  is  a  “foundation  for  a  better  way  of  life”  —  but  I  fear  that  we’re  not 
moving  fast  enough  to  make  the  NBP  work  as  it  could. 

I  see  broadband  in  the  same  light  I  see  the  national  highway  sys¬ 
tem  —  it’s  critical  national  infrastructure.  Imagine  the  mess  we’d  have 
if  the  highway  system  had  never  been  built  by  the  government;  today 
it  would  be  a  patchwork  that  wouldn’t  serve  anyone  particularly  well. 
Which  is  how  the  U.S.  broadband  system  is  today:  a  monopoly-driven 
mess. 

The  problem  is  that  the  big  ISPs  control  the  game  and  if  they  con¬ 
tinue  to  get  their  way,  both  mobile  and  wireline  broadband  service  will 
remain  effectively  non-competitive  markets. 

Doubt  that  to  be  the  case?  We’ll  talk  about  what  Verizon  wants  to  do 
next  week...  ■ 

Gibbs  is  slightly  better  connected  in  Ventura,  Calif.,  than  the  folks  in 
rural  Texas.  Tell  backspin@gibbs.com  how  you  fare  and  follow  him  on 
Twitter  (@quistuipater)  and  on  Facebook  (quistuipater). 


NETBUZZ  BY  PAUL  MCNAMARA  illllif llllliiliiimmilllliimmillliiimmilllll 

AT&T  happy  to  profit  from  fraud,  feds  allege 


THE  FEDERAL  government  last  week 
issued  a  remarkable  complaint  against 
AT&T:  In  essence,  the  Department  of  Justice 
alleges  that  the  telecom  giant  has  bilked  U.S.  customers  out  of  millions 
of  dollars  by  willfully  failing  to  prevent  the  rampant  abuse  of  a  system 
designed  to  help  the  hearing  impaired. 

AT&T’s  response:  We  can’t  fix  what  we  can’t  fix.  The  system,  called 
IP  Relay,  lets  people  with  hearing  impairments  place  calls  by  typing 
messages  over  the  Internet.  It  is  funded  by  telephone  customers,  who 
pay  fees  into  a  special  fund  that  reimburses  carriers  at  a  rate  of  about 
$1.30  per  minute. 

However,  the  system  has  been  so  abused  by  foreign-based  scam¬ 
mers  that  the  FCC  in  2009  issued  a  mandate  to  carriers  that  they  verify 
who’s  using  it.  The  Department  of  Justice  alleges  that  AT&T  has  will¬ 
fully  violated  that  mandate  because  —  get  this  —  the  fraudulent  calls 
are  too  lucrative  to  AT&T  for  AT&T  to  turn  them  away. 

It’s  an  astonishing  allegation.  Here’s  part  of  the  DOJ’s  press  release: 
“The  United  States  alleges  that  AT&T  violated  the  False  Claims  Act  by 
facilitating  and  seeking  federal  payment  for  IP  Relay  calls  by  interna¬ 
tional  callers  who  were  ineligible  for  the  service  and  sought  to  use  it 
for  fraudulent  purposes.  The  complaint  alleges  that,  out  of  fears  that 
fraudulent  call  volume  would  drop  after  the  registration  deadline, 
AT&T  knowingly  adopted  a  non-compliant  registration  system  that 
did  not  verify  whether  the  user  was  located  within  the  United  States. 
The  complaint  further  contends  that  AT&T  continued  to  employ  this 
system  even  with  the  knowledge  that  it  facilitated  use  of  IP  Relay  by 
fraudulent  foreign  callers,  which  accounted  for  up  to  95  percent  of 


AT&T’s  call  volume.  The  government’s  complaint  alleges  that  AT&T 
improperly  billed  the  TRS  Fund  for  reimbursement  of  these  calls  and 
received  millions  of  dollars  in  federal  payments  as  a  result.” 

AT&T  issued  a  statement  to  press  outlets  that  appears  to  say:  What 
do  you  want  from  us? 

“As  the  FCC  is  aware,”  the  statement  reads,  “it  is  always  possible  for 
an  individual  to  misuse  IP  Relay  services,  just  as  someone  can  misuse 
the  postal  system  or  an  e-mail  account,  but  FCC  rules  require  that  we 
complete  all  calls  by  customers  who  identify  themselves  as  disabled.” 

Now,  I  have  no  idea  as  to  whether  this  kind  of  fraud  is  something 
a  service  provider  could  stop  or  not.  But  it’s  clear  the  government 
believes  that  AT&T’s  response  to  the  problem  would  have  been  a  whole 
lot  different  had  the  company  been  losing  millions. 

Debunking  a  ridiculous  RFID  rumor 

You’d  like  to  think  that  some  things  are  simply  too  ridiculous  for 
Snopes.com  to  even  bother  debunking  ...  but,  apparently,  you  can’t 
always  get  what  you  want.  This  one  comes  from  the  Snopes  newsletter. 

The  rumor:  That  the  Patient  Protection  and  Affordable  Care  Act  — 
also  known  as  “Obamacare”  to  some  of  those  who  oppose  it  —  requires 
that  everyone  be  implanted  with  an  RFID  microchip  by  March  23, 2013. 

That’s  every  single  American  —  313  million  individuals,  give  or  take 
-by  March  23, 2013. 

I  mean,  seriously,  that’s  only  a  year  from  now.  Don’t  you  think  that 
2014  or  2015  might  be  more  realistic?  ■ 

Send  comments  and  tinfoil  hats  to  buzz@nww.com. 
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Reducing  complexity  has  never  been  simpler. 

Designed  for  growing  businesses,  the  IBM  System  x3650  M3  Express®  server  with  the 
latest  Intel®  Xeon®  processor  5600  series  can  help  you  simplify  your  IT  infrastructure. 
With  simple  start-up,  intuitive  management  and  toolless  design,  this  server  is  easy  to 
deploy  and  manage  -  whether  your  IT  infrastructure  is  physical  or  virtual,  on-site  or 
remote.  Additionally,  you  get  the  valuable  expertise  of  IBM  Business  Partners  to  help 
you  create  an  IT  environment  optimized  to  keep  up  with  tomorrow,  today. 

Rated  No.  1  in  Customer  Satisfaction  by  TBR  for  the  9th  consecutive  quarter.1 


IBM  System  x3650  M3  Express 

$2,799 

OR  S80/MONTH  FOR  36  MONTHS2 
PN: 7945-E6U 


Improve  cost-effectiveness  with  higher  performance  per  watt 


Simplify  management  and  serviceability  with  flexible  design 


Manage  risk  with  resilient  architecture 


IBM  System  x3400  M3  Express 

$1,699 

OR  S49/MONTH  FOR  36  MONTHS2 
PN:  7379-E5U 

Optimum  performance  and  processing  capability  at  a  low  cost _ 

Large  storage  capacity  and  flexible  configurations  to  scale  as  needs  grow 
Reduced  energy  costs  and  simple  management 


IBM  System  Storage®  EXP2500  Express 

$3,399 

OR  $97/MONTH  FOR  36  MONTHS2 
PN:  174712X 

Designed  for  IBM  System  x®  direct  attachment  via  ServeFtAID  M5025  adapter 
High  capacity,  with  support  for  multiple  enclosures  per  configuration 
High  availability  and  reliability,  with  dual  AC  power  supplies  and  fans 


Find  a  system  that  suits 
your  business. 


Visit:  ibm.com/systems/simplicity 


Contact  the  IBM  Concierge  to 
help  you  connect  to  the  right 
IBM  Business  Partner. 
1-866-872-3902  (mention  601BB04A) 


’TBR  3Q11  x86-Based  Servers:  Corporate  IT  Buying  Behavior  &  Customer  Satisfaction  Study,  November  2011, 

2Global  Financing  offerings  are  provided  through  IBM  Credit  LLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers.  Monthly 
payments  provided  are  for  planning  purposes  only  and  may  vary  based  on  your  credit  and  other  factors.  Lease  offer  provided  is  based  on  an  FMV  lease  of  36  monthly  payments.  Other  restrictions  may  apply. 
Rates  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice.  IBM  hardware  products  are  manufactured  from  new  parts  or  new  and  serviceable  used  parts.  Regardless,  our  warranty 
terms  apply.  For  a  copy  of  applicable  product  warranties,  visit  http://www.ibm.com/servers/support/machine_warranties.  IBM  makes  no  representation  or  warranty  regarding  third-party  products  or 
services.  IBM,  the  IBM  logo,  Express,  System  Storage  and  System  x  are  registered  trademarks  of  International  Business  Machines  Corporation,  registered  in  many  jurisdictions  worldwide.  Other  product  and 
service  names  might  be  trademarks  of  IBM  or  other  companies.  For  a  current  list  of  IBM  trademarks,  see  www.ibm.com/legal/ copytrade.shtml.  Intel,  the  Intel  logo,  Xeon  and  Xeon  Inside  are  trademarks  of  Intel 
Corporation  in  the  U.S.  and  other  countries.  All  prices  and  savings  estimates  are  subject  to  change  without  notice,  may  vary  according  to  configuration,  are  based  upon  IBM ’s  estimated  retail  selling  prices  as 
of  12/16/11  and  may  not  include  storage,  hard  drive,  operating  system  or  other  features.  Reseller  prices  and  savings  to  end  users  may  vary.  Products  are  subject  to  availability.  This  document  was  developed  for 
offerings  in  the  United  States.  IBM  may  not  offer  the  products,  features,  or  services  discussed  in  this  document  in  other  countries.  Contact  your  IBM  representative  or  IBM  Business  Partner  for  the  most 
current  pricing  in  your  geographic  area.  ©2012  IBM  Corporation. 
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Every  day,  billions  of  transactions  pass  through  Brocade 
network  fabrics  as  they  push  high-bandwidth  applications 
to  the  very  edges  of  the  network. 


Brocade.  The  world  leader  in  Ethernet  fabrics. 

Our  self-forming  Ethernet  fabrics  allow  you  to  deploy 
new  switches,  migrate  virtual  machines,  and  reconfigure 
your  network  as  your  business  needs  demand,  without  a 
moment  of  interruption.  It’s  an  automated,  on-demand 
network  designed  for  today’s  high-bandwidth  applications. 

And  perhaps,  best  of  all,  it's  here  today.  More  than  85% 
of  our  deployed  Ethernet  fabrics  are  in  production-a 
benchmark  no  other  networking  vendor  can  touch. 


Find  out  what  Brocade  customers  already  know. 
Learn  more  at  brocade.com/everywhere 
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